PT-2018-2979 · Siemens · Siemens Cp 1616+1

Published

2018-01-08

Updated

2019-07-11

CVE-2018-13810

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Siemens CP 1604 versions all Siemens CP 1616 versions all

Description The issue is related to a Cross-Site Request Forgery (CSRF) attack. It may allow a remote attacker to perform actions via the web interface that a legitimate user is allowed to, if the user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user.

Recommendations For Siemens CP 1604, restrict access to the integrated configuration web server to minimize the risk of exploitation. For Siemens CP 1616, restrict access to the integrated configuration web server to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

BDU:2019-03005

CVE-2018-13810

Affected Products

Siemens Cp 1604

Siemens Cp 1616

PT-2018-2979 · Siemens · Siemens Cp 1616+1

CVE-2018-13810

Weakness Enumeration

Related Identifiers

Affected Products

References · 4