Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-13810

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.

Published

2019-04-17T14:29:03.230

Last Modified

2024-11-21T03:48:06.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	cp_1604_firmware	≤ 2.8	Yes
Hardware	siemens	cp_1604	-	No
Operating System	siemens	cp_1616_firmware	≤ 2.8	Yes
Hardware	siemens	cp_1616	-	No

References

https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)