Lucene search

[email protected]CVE-2018-5461

HistoryMar 06, 2018 - 9:29 p.m.

CVE-2018-5461

2018-03-0621:29:00

CWE-326

[email protected]

web.nvd.nist.gov

cve-2018-5461

inadequate encryption

belden hirschmann

switches

web interface

man-in-the-middle attack

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

Affected configurations

NVD

Node

beldenhirschmann_rs20-0900mmm2tdauMatch-

beldenhirschmann_rs20-0900nnm4tdauMatch-

beldenhirschmann_rs20-0900vvm2tdauMatch-

beldenhirschmann_rs20-1600l2l2sdauMatch-

beldenhirschmann_rs20-1600l2m2sdauMatch-

beldenhirschmann_rs20-1600l2s2sdauMatch-

beldenhirschmann_rs20-1600l2t1sdauMatch-

beldenhirschmann_rs20-1600m2m2sdauMatch-

beldenhirschmann_rs20-1600m2t1sdauMatch-

beldenhirschmann_rs20-1600s2m2sdauMatch-

beldenhirschmann_rs20-1600s2s2sdauMatch-

beldenhirschmann_rs20-1600s2t1sdauMatch-

Node

beldenhirschmann_rsr20Match-

beldenhirschmann_rsr30Match-

Node

beldenhirschmann_rsb20-0800m2m2saabMatch-

beldenhirschmann_rsb20-0800m2m2saabeMatch-

beldenhirschmann_rsb20-0800m2m2taabMatch-

beldenhirschmann_rsb20-0800m2m2taabeMatch-

beldenhirschmann_rsb20-0800s2s2saabMatch-

beldenhirschmann_rsb20-0800s2s2saabeMatch-

beldenhirschmann_rsb20-0800s2s2taabMatch-

beldenhirschmann_rsb20-0800s2s2taabeMatch-

beldenhirschmann_rsb20-0800t1t1saabMatch-

beldenhirschmann_rsb20-0800t1t1saabeMatch-

beldenhirschmann_rsb20-0800t1t1taabMatch-

beldenhirschmann_rsb20-0800t1t1taabeMatch-

beldenhirschmann_rsb20-0900m2ttsaabMatch-

beldenhirschmann_rsb20-0900m2ttsaabeMatch-

beldenhirschmann_rsb20-0900m2tttaabMatch-

beldenhirschmann_rsb20-0900m2tttaabeMatch-

beldenhirschmann_rsb20-0900mmm2saabMatch-

beldenhirschmann_rsb20-0900mmm2saabeMatch-

beldenhirschmann_rsb20-0900mmm2taabMatch-

beldenhirschmann_rsb20-0900mmm2taabeMatch-

beldenhirschmann_rsb20-0900s2ttsaabMatch-

beldenhirschmann_rsb20-0900s2ttsaabeMatch-

beldenhirschmann_rsb20-0900s2tttaabMatch-

beldenhirschmann_rsb20-0900s2tttaabeMatch-

beldenhirschmann_rsb20-0900vvm2saabMatch-

beldenhirschmann_rsb20-0900vvm2saabeMatch-

beldenhirschmann_rsb20-0900vvm2taabMatch-

beldenhirschmann_rsb20-0900vvm2taabeMatch-

beldenhirschmann_rsb20-0900zzz6saabMatch-

beldenhirschmann_rsb20-0900zzz6saabeMatch-

beldenhirschmann_rsb20-0900zzz6taabMatch-

beldenhirschmann_rsb20-0900zzz6taabeMatch-

Node

beldenhirschmann_m1-8mm-scMatch-

beldenhirschmann_m1-8sfpMatch-

beldenhirschmann_m1-8sm-scMatch-

beldenhirschmann_m1-8tp-rj45Match-

beldenhirschmann_mach102-24tp-fMatch-

beldenhirschmann_mach102-24tp-frMatch-

beldenhirschmann_mach102-8tpMatch-

beldenhirschmann_mach102-8tp-fMatch-

beldenhirschmann_mach102-8tp-frMatch-

beldenhirschmann_mach102-8tp-rMatch-

beldenhirschmann_mach104-16tx-poepMatch-

beldenhirschmann_mach104-16tx-poep-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2xMatch-

beldenhirschmann_mach104-16tx-poep_\+2x-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-eMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-rMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-r-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-eMatch-

beldenhirschmann_mach104-16tx-poep_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-rMatch-

beldenhirschmann_mach104-16tx-poep_-r-l3pMatch-

beldenhirschmann_mach104-20tx-fMatch-

beldenhirschmann_mach104-20tx-f-4poeMatch-

beldenhirschmann_mach104-20tx-f-l3pMatch-

beldenhirschmann_mach104-20tx-frMatch-

beldenhirschmann_mach104-20tx-fr-l3pMatch-

Node

beldenhirschmann_mach4002-24g\+3x-l2pMatch-

beldenhirschmann_mach4002-24g\+3x-l3eMatch-

beldenhirschmann_mach4002-24g\+3x-l3pMatch-

beldenhirschmann_mach4002-24g-l2pMatch-

beldenhirschmann_mach4002-24g-l3eMatch-

beldenhirschmann_mach4002-24g-l3pMatch-

beldenhirschmann_mach4002-48g\+3x-l2pMatch-

beldenhirschmann_mach4002-48g\+3x-l3eMatch-

beldenhirschmann_mach4002-48g\+3x-l3pMatch-

beldenhirschmann_mach4002-48g-l2pMatch-

beldenhirschmann_mach4002-48g-l3eMatch-

beldenhirschmann_mach4002-48g-l3pMatch-

Node

beldenhirschmann_ms20-0800eccpMatch-

beldenhirschmann_ms20-0800saaeMatch-

beldenhirschmann_ms20-0800saapMatch-

beldenhirschmann_ms20-1600eccpMatch-

beldenhirschmann_ms20-1600saaeMatch-

beldenhirschmann_ms20-1600saapMatch-

beldenhirschmann_ms30-0802saaeMatch-

beldenhirschmann_ms30-0802saapMatch-

beldenhirschmann_ms30-1602saaeMatch-

Node

beldenhirschmann_octopus_16mMatch-

beldenhirschmann_octopus_16m-8poeMatch-

beldenhirschmann_octopus_16m-trainMatch-

beldenhirschmann_octopus_16m-train-bpMatch-

beldenhirschmann_octopus_24mMatch-

beldenhirschmann_octopus_24m-8_poeMatch-

beldenhirschmann_octopus_24m-trainMatch-

beldenhirschmann_octopus_24m-train-bpMatch-

beldenhirschmann_octopus_5tx_eecMatch-

beldenhirschmann_octopus_8mMatch-

beldenhirschmann_octopus_8m-6poeMatch-

beldenhirschmann_octopus_8m-8poeMatch-

beldenhirschmann_octopus_8m-trainMatch-

beldenhirschmann_octopus_8m-train-bpMatch-

beldenhirschmann_octopus_8tx-eecMatch-

beldenhirschmann_octopus_8tx_poe-eecMatch-

beldenhirschmann_octopus_os20-000900t5t5tafbhhMatch-

beldenhirschmann_octopus_os20-000900t5t5tnebhhMatch-

beldenhirschmann_octopus_os20-0010001m1mtrephhMatch-

beldenhirschmann_octopus_os20-0010001s1strephhMatch-

beldenhirschmann_octopus_os20-0010004m4mtrephhMatch-

beldenhirschmann_octopus_os20-0010004s4strephhMatch-

beldenhirschmann_octopus_os20-001000t5t5tafuhbMatch-

beldenhirschmann_octopus_os20-001000t5t5tneuhbMatch-

beldenhirschmann_octopus_os24-080900t5t5tffbhhMatch-

beldenhirschmann_octopus_os24-080900t5t5tnebhhMatch-

beldenhirschmann_octopus_os24-081000t5t5tffuhbMatch-

beldenhirschmann_octopus_os24-081000t5t5tneuhbMatch-

beldenhirschmann_octopus_os30Match-

beldenhirschmann_octopus_os30-0008021a1atrephhMatch-

beldenhirschmann_octopus_os30-0008021b1btrephhMatch-

beldenhirschmann_octopus_os30-0008024a4atrephhMatch-

beldenhirschmann_octopus_os30-0008024b4btrephhMatch-

beldenhirschmann_octopus_os32-080802o6o6tpephhMatch-

beldenhirschmann_octopus_os32-080802t6t6tpephhMatch-

beldenhirschmann_octopus_os32-081602o6o6tpephhMatch-

beldenhirschmann_octopus_os32-081602t6t6tpephhMatch-

beldenhirschmann_octopus_os34Match-

beldenhirschmann_octopus_os3x-xx16xxxMatch-

beldenhirschmann_octopus_os3x-xx24xxxMatch-

CPENameOperatorVersion
belden:hirschmann_rs20-0900mmm2tdaubelden hirschmann rs20-0900mmm2tdaueq-
belden:hirschmann_rs20-0900nnm4tdaubelden hirschmann rs20-0900nnm4tdaueq-
belden:hirschmann_rs20-0900vvm2tdaubelden hirschmann rs20-0900vvm2tdaueq-
belden:hirschmann_rs20-1600l2l2sdaubelden hirschmann rs20-1600l2l2sdaueq-
belden:hirschmann_rs20-1600l2m2sdaubelden hirschmann rs20-1600l2m2sdaueq-
belden:hirschmann_rs20-1600l2s2sdaubelden hirschmann rs20-1600l2s2sdaueq-
belden:hirschmann_rs20-1600l2t1sdaubelden hirschmann rs20-1600l2t1sdaueq-
belden:hirschmann_rs20-1600m2m2sdaubelden hirschmann rs20-1600m2m2sdaueq-
belden:hirschmann_rs20-1600m2t1sdaubelden hirschmann rs20-1600m2t1sdaueq-
belden:hirschmann_rs20-1600s2m2sdaubelden hirschmann rs20-1600s2m2sdaueq-

CPE	Name	Operator	Version
belden:hirschmann_rs20-0900mmm2tdau	belden hirschmann rs20-0900mmm2tdau	eq	-
belden:hirschmann_rs20-0900nnm4tdau	belden hirschmann rs20-0900nnm4tdau	eq	-
belden:hirschmann_rs20-0900vvm2tdau	belden hirschmann rs20-0900vvm2tdau	eq	-
belden:hirschmann_rs20-1600l2l2sdau	belden hirschmann rs20-1600l2l2sdau	eq	-
belden:hirschmann_rs20-1600l2m2sdau	belden hirschmann rs20-1600l2m2sdau	eq	-
belden:hirschmann_rs20-1600l2s2sdau	belden hirschmann rs20-1600l2s2sdau	eq	-
belden:hirschmann_rs20-1600l2t1sdau	belden hirschmann rs20-1600l2t1sdau	eq	-
belden:hirschmann_rs20-1600m2m2sdau	belden hirschmann rs20-1600m2m2sdau	eq	-
belden:hirschmann_rs20-1600m2t1sdau	belden hirschmann rs20-1600m2t1sdau	eq	-
belden:hirschmann_rs20-1600s2m2sdau	belden hirschmann rs20-1600s2m2sdau	eq	-

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103340

ics-cert.us-cert.gov/advisories/ICSA-18-065-01

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

JSON

Related for CVE-2018-5461

ptsecurity1 prion1 nvd1 cvelist1 ics1