CVE-2018-13810

EPSS 0.17%
Veröffentlicht 17.04.2019 14:29:03
Zuletzt bearbeitet 21.11.2024 03:48:06
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Cp 1604 Firmware Version <= 2.8

Siemens ≫ Cp 1604 Version-

Siemens ≫ Cp 1616 Firmware Version <= 2.8

Siemens ≫ Cp 1616 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.38

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-13810

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-13810

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-13810

EUVD