PT-2018-16578 · Siemens · Scalance M875

Published: 2018-06-26 · Updated: 2019-10-09 · CVE-2018-4861

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SCALANCE M875 (All versions)

Description: A security issue has been identified that allows an authenticated remote attacker with access to the web interface (443/tcp) to potentially read and download arbitrary files from the device's file system. The attacker must have network access to the web interface and be authenticated as an administrative user to exploit this issue. At the time of publication, no public exploitation of this issue was known.

Recommendations: For SCALANCE M875, restrict access to the web interface to minimize the risk of exploitation. As a temporary workaround, consider limiting administrative user access until a patch is available.

Fix

Path traversal

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-4861

Affected Products

Scalance M875