PT-2018-2977 · Siemens · Siemens Cp 1616+1

Publicado

2018-01-08

Atualizado

2019-07-11

CVE-2018-13808

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Siemens CP 1604 versions all Siemens CP 1616 versions all

Description The issue is related to the lack of authentication for the Telnet service in the Siemens CP communication module software. This could allow a remote attacker to extract data or cause a denial-of-service condition. The attacker would need network access to port 23/tcp to exploit this issue. At the time of reporting, there were no known public exploits of this issue.

Recommendations For Siemens CP 1604, restrict access to port 23/tcp to minimize the risk of exploitation. For Siemens CP 1616, restrict access to port 23/tcp to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2019-03003

CVE-2018-13808

Produtos afetados

Siemens Cp 1604

Siemens Cp 1616

PT-2018-2977 · Siemens · Siemens Cp 1616+1

CVE-2018-13808

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4