PT-2018-16576 · Siemens · Scalance M875

Published: 2018-06-26 · Updated: 2019-10-09 · CVE-2018-4859

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SCALANCE M875 (All versions)

Description: A security issue has been identified that allows an authenticated remote attacker with access to the web interface (443/tcp) to execute arbitrary operating system commands. The attacker must have network access to the web interface and be authenticated as an administrative user. This could allow the attacker to execute arbitrary code on the device. There are no known public exploits of this issue at the time of publication.

Recommendations: For SCALANCE M875, restrict access to the web interface to minimize the risk of exploitation. As a temporary workaround, consider limiting administrative user access until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-4859

Affected Products

Scalance M875