CVE-2020-28398

EPSS 0.07%
Veröffentlicht 10.12.2024 14:15:18
Zuletzt bearbeitet 10.12.2024 14:15:18
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to 
cross-site request forgery (CSRF).

This could allow an attacker to read or modify the device configuration
by tricking an authenticated legitimate user into accessing a malicious link.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellersiemens

≫

Produkt ruggedcom_rox_mx5000

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_mx5000re

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1400

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1500

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1501

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1510

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1511

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1512

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1524

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx1536

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Herstellersiemens

≫

Produkt ruggedcom_rox_rx5000

Default Statusunknown

Version < 2.16.0

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	8.6	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://cert-portal.siemens.com/productcert/html/ssa-384652.html

https://nvd.nist.gov/vuln/detail/CVE-2020-28398

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28398

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28398

EUVD