CVE-2015-5374
EXPLOITEDSiemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service
Title source: metasploitDescription
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.
Exploits (3)
exploitdb
WORKING POC
by M. Can Kurnaz · pythondoshardware
https://www.exploit-db.com/exploits/44103
metasploit
WORKING POC
by M. Can Kurnaz · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/scada/siemens_siprotec4.rb
References (6)
Scores
EPSS
0.8391
EPSS Percentile
99.3%
Details
VulnCheck KEV
2017-06-12
CWE
CWE-19
Status
published
Products (1)
siemens/siprotec_firmware
4.24
Published
Jul 18, 2015
Tracked Since
Feb 18, 2026