PT-2018-2977 · Siemens · Siemens Cp 1616+1

Published

2018-01-08

Updated

2019-07-11

CVE-2018-13808

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Siemens CP 1604 versions all Siemens CP 1616 versions all

Description The issue is related to the lack of authentication for the Telnet service in the Siemens CP communication module software. This could allow a remote attacker to extract data or cause a denial-of-service condition. The attacker would need network access to port 23/tcp to exploit this issue. At the time of reporting, there were no known public exploits of this issue.

Recommendations For Siemens CP 1604, restrict access to port 23/tcp to minimize the risk of exploitation. For Siemens CP 1616, restrict access to port 23/tcp to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2019-03003

CVE-2018-13808

Affected Products

Siemens Cp 1604

Siemens Cp 1616

PT-2018-2977 · Siemens · Siemens Cp 1616+1

CVE-2018-13808

Weakness Enumeration

Related Identifiers

Affected Products

References · 4