PT-2018-16578 · Siemens · Scalance M875

Publicado

2018-06-26

Atualizado

2019-10-09

CVE-2018-4861

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SCALANCE M875 (All versions)

Description A security issue has been identified that allows an authenticated remote attacker with access to the web interface (443/tcp) to potentially read and download arbitrary files from the device's file system. The attacker must have network access to the web interface and be authenticated as an administrative user to exploit this issue. At the time of publication, no public exploitation of this issue was known.

Recommendations For SCALANCE M875, restrict access to the web interface to minimize the risk of exploitation. As a temporary workaround, consider limiting administrative user access until a patch is available.

Correção

Path traversal

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22CWE-200

Identificadores relacionados

CVE-2018-4861

Produtos afetados

Scalance M875

PT-2018-16578 · Siemens · Scalance M875

CVE-2018-4861

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2