CVE-2018-11449

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS v3 7.8 HIGH
CVSS v2.0 2.1 LOW

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:scalance_m875_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m875:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:43

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf - Third Party Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf - Third Party Advisory

Information

Published : 2018-06-26 18:29

Updated : 2024-11-21 03:43

NVD link : CVE-2018-11449

Mitre link : CVE-2018-11449

CVE.ORG link : CVE-2018-11449

JSON object : View

Products Affected

siemens

scalance_m875
scalance_m875_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

NVD-CWE-noinfo

{"id": "CVE-2018-11449", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-06-26T18:29:00.747", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf", "tags": ["Third Party Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SCALANCE M875 (todas las versiones). Un atacante con acceso al sistema de archivos local podr\u00eda obtener las contrase\u00f1as de los usuarios administrativos. Su explotaci\u00f3n exitosa requiere acceso de lectura a los archivos en el sistema de archivos local. Un ataque con \u00e9xito podr\u00eda permitir a un atacante obtener contrase\u00f1as de administrador. En el momento de la publicaci\u00f3n del advisory, no se conoce ninguna explotaci\u00f3n p\u00fablica de la vulnerabilidad de seguridad."}], "lastModified": "2024-11-21T03:43:23.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m875_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "880C1489-FB3E-4697-A266-377A616C6EB5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m875:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "25AFAF4D-2485-4245-BF72-99C5EC471FF4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}