CVE-2018-11447

Name of the Vulnerable Software and Affected Versions SCALANCE M875 (All versions)

Description A security issue has been identified that could allow a Cross-Site Request Forgery (CSRF) attack through the web interface on port 443/tcp. This attack requires user interaction by a legitimate administrative user who must be authenticated to the web interface. Successful exploitation could allow an attacker to interact with the web interface as an administrative user, potentially enabling them to read or modify the device configuration or exploit other vulnerabilities that require administrative authentication. No public exploitation of this issue was known at the time of advisory publication.

Recommendations For SCALANCE M875, consider disabling access to the web interface on port 443/tcp until a fix is available to prevent potential CSRF attacks. Restrict administrative user access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.