Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-13810

Опубликовано: 17 апр. 2019
Источник: nvd
CVSS3: 6.5
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:cp_1604_firmware:*:*:*:*:*:*:*:*
Версия до 2.8 (включая)
cpe:2.3:h:siemens:cp_1604:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:siemens:cp_1616_firmware:*:*:*:*:*:*:*:*
Версия до 2.8 (включая)
cpe:2.3:h:siemens:cp_1616:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%
0.00165
Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVSS3: 6.5
github
около 3 лет назад

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.

CVSS3: 4.3
fstec
больше 7 лет назад

Уязвимость микропрограммного обеспечения коммуникационного модуля Siemens CP, связанная с межсайтовой фальсификацией запросов, позволяющая нарушителю произвести атаку

EPSS

Процентиль: 38%
0.00165
Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352