CVE-2018-13810

Name of the Vulnerable Software and Affected Versions Siemens CP 1604 versions all Siemens CP 1616 versions all

Description The issue is related to a Cross-Site Request Forgery (CSRF) attack. It may allow a remote attacker to perform actions via the web interface that a legitimate user is allowed to, if the user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user.

Recommendations For Siemens CP 1604, restrict access to the integrated configuration web server to minimize the risk of exploitation. For Siemens CP 1616, restrict access to the integrated configuration web server to minimize the risk of exploitation.