Siemens EN100 Ethernet Module (Update A) (ICSA-19-344-07) – Products Used in the Water and Wastewater and Energy Sectors

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

December 12, 2019

CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer, cross-site scripting, and relative path traversal vulnerabilities in Siemens EN100 Ethernet Module. Multiple versions of multiple products are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute remote code, cause a denial-of-service condition, and obtain sensitive information about the device. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.