CVE-2018-13810

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Cp 1604; Cp 1616
Vendor: CVE Published:; 17 April 2019

Summary

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.

Affected Version(s)

CP 1604 All versions

CP 1616 All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-55917...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2019
Vulnerability Reserved
Jul 10, 2018