Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSiemensCVE-2018-11449
HistoryJun 26, 2018 - 6:29 p.m.

CVE-2018-11449

2018-06-2618:29:00
CWE-79
siemens
web.nvd.nist.gov
25
vulnerability
scalance m875
administrative passwords
security
unauthorized access

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0

Percentile

12.6%

JSON

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected configurations

Nvd
Node
siemensscalance_m875_firmwareMatch-
AND
siemensscalance_m875Match-
VendorProductVersionCPE
siemensscalance_m875_firmware-cpe:2.3:o:siemens:scalance_m875_firmware:-:*:*:*:*:*:*:*
siemensscalance_m875-cpe:2.3:h:siemens:scalance_m875:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "SCALANCE M875",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SCALANCE M875 All versions"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nessus 1
nvd 1
cvelist
cvelist
CVE-2018-11449
2018-06-26 18:00:00
prion
prion
Code injection
2018-06-26 18:29:00
nessus
nessus
Siemens SCALANCE M875 Insufficiently Protected Credentials (CVE-2018-11449)
2023-04-11 00:00:00
nvd
nvd
CVE-2018-11449
2018-06-26 18:29:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0

Percentile

12.6%

JSON
Related for CVE-2018-11449
cvelist1prion1nessus1nvd1