Lucene search

[email protected]CVE-2018-5465

HistoryMar 06, 2018 - 9:29 p.m.

CVE-2018-5465

2018-03-0621:29:00

CWE-384

[email protected]

web.nvd.nist.gov

cve-2018-5465

session fixation

belden hirschmann

switches

web interface

vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.7%

JSON

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

Affected configurations

NVD

Node

beldenhirschmann_rs20-0900mmm2tdauMatch-

beldenhirschmann_rs20-0900nnm4tdauMatch-

beldenhirschmann_rs20-0900vvm2tdauMatch-

beldenhirschmann_rs20-1600l2l2sdauMatch-

beldenhirschmann_rs20-1600l2m2sdauMatch-

beldenhirschmann_rs20-1600l2s2sdauMatch-

beldenhirschmann_rs20-1600l2t1sdauMatch-

beldenhirschmann_rs20-1600m2m2sdauMatch-

beldenhirschmann_rs20-1600m2t1sdauMatch-

beldenhirschmann_rs20-1600s2m2sdauMatch-

beldenhirschmann_rs20-1600s2s2sdauMatch-

beldenhirschmann_rs20-1600s2t1sdauMatch-

Node

beldenhirschmann_rsr20Match-

beldenhirschmann_rsr30Match-

Node

beldenhirschmann_rsb20-0800m2m2saabMatch-

beldenhirschmann_rsb20-0800m2m2saabeMatch-

beldenhirschmann_rsb20-0800m2m2taabMatch-

beldenhirschmann_rsb20-0800m2m2taabeMatch-

beldenhirschmann_rsb20-0800s2s2saabMatch-

beldenhirschmann_rsb20-0800s2s2saabeMatch-

beldenhirschmann_rsb20-0800s2s2taabMatch-

beldenhirschmann_rsb20-0800s2s2taabeMatch-

beldenhirschmann_rsb20-0800t1t1saabMatch-

beldenhirschmann_rsb20-0800t1t1saabeMatch-

beldenhirschmann_rsb20-0800t1t1taabMatch-

beldenhirschmann_rsb20-0800t1t1taabeMatch-

beldenhirschmann_rsb20-0900m2ttsaabMatch-

beldenhirschmann_rsb20-0900m2ttsaabeMatch-

beldenhirschmann_rsb20-0900m2tttaabMatch-

beldenhirschmann_rsb20-0900m2tttaabeMatch-

beldenhirschmann_rsb20-0900mmm2saabMatch-

beldenhirschmann_rsb20-0900mmm2saabeMatch-

beldenhirschmann_rsb20-0900mmm2taabMatch-

beldenhirschmann_rsb20-0900mmm2taabeMatch-

beldenhirschmann_rsb20-0900s2ttsaabMatch-

beldenhirschmann_rsb20-0900s2ttsaabeMatch-

beldenhirschmann_rsb20-0900s2tttaabMatch-

beldenhirschmann_rsb20-0900s2tttaabeMatch-

beldenhirschmann_rsb20-0900vvm2saabMatch-

beldenhirschmann_rsb20-0900vvm2saabeMatch-

beldenhirschmann_rsb20-0900vvm2taabMatch-

beldenhirschmann_rsb20-0900vvm2taabeMatch-

beldenhirschmann_rsb20-0900zzz6saabMatch-

beldenhirschmann_rsb20-0900zzz6saabeMatch-

beldenhirschmann_rsb20-0900zzz6taabMatch-

beldenhirschmann_rsb20-0900zzz6taabeMatch-

Node

beldenhirschmann_m1-8mm-scMatch-

beldenhirschmann_m1-8sfpMatch-

beldenhirschmann_m1-8sm-scMatch-

beldenhirschmann_m1-8tp-rj45Match-

beldenhirschmann_mach102-24tp-fMatch-

beldenhirschmann_mach102-24tp-frMatch-

beldenhirschmann_mach102-8tpMatch-

beldenhirschmann_mach102-8tp-fMatch-

beldenhirschmann_mach102-8tp-frMatch-

beldenhirschmann_mach102-8tp-rMatch-

beldenhirschmann_mach104-16tx-poepMatch-

beldenhirschmann_mach104-16tx-poep-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2xMatch-

beldenhirschmann_mach104-16tx-poep_\+2x-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-eMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-rMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-r-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-eMatch-

beldenhirschmann_mach104-16tx-poep_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-rMatch-

beldenhirschmann_mach104-16tx-poep_-r-l3pMatch-

beldenhirschmann_mach104-20tx-fMatch-

beldenhirschmann_mach104-20tx-f-4poeMatch-

beldenhirschmann_mach104-20tx-f-l3pMatch-

beldenhirschmann_mach104-20tx-frMatch-

beldenhirschmann_mach104-20tx-fr-l3pMatch-

Node

beldenhirschmann_mach4002-24g\+3x-l2pMatch-

beldenhirschmann_mach4002-24g\+3x-l3eMatch-

beldenhirschmann_mach4002-24g\+3x-l3pMatch-

beldenhirschmann_mach4002-24g-l2pMatch-

beldenhirschmann_mach4002-24g-l3eMatch-

beldenhirschmann_mach4002-24g-l3pMatch-

beldenhirschmann_mach4002-48g\+3x-l2pMatch-

beldenhirschmann_mach4002-48g\+3x-l3eMatch-

beldenhirschmann_mach4002-48g\+3x-l3pMatch-

beldenhirschmann_mach4002-48g-l2pMatch-

beldenhirschmann_mach4002-48g-l3eMatch-

beldenhirschmann_mach4002-48g-l3pMatch-

Node

beldenhirschmann_ms20-0800eccpMatch-

beldenhirschmann_ms20-0800saaeMatch-

beldenhirschmann_ms20-0800saapMatch-

beldenhirschmann_ms20-1600eccpMatch-

beldenhirschmann_ms20-1600saaeMatch-

beldenhirschmann_ms20-1600saapMatch-

beldenhirschmann_ms30-0802saaeMatch-

beldenhirschmann_ms30-0802saapMatch-

beldenhirschmann_ms30-1602saaeMatch-

Node

beldenhirschmann_octopus_16mMatch-

beldenhirschmann_octopus_16m-8poeMatch-

beldenhirschmann_octopus_16m-trainMatch-

beldenhirschmann_octopus_16m-train-bpMatch-

beldenhirschmann_octopus_24mMatch-

beldenhirschmann_octopus_24m-8_poeMatch-

beldenhirschmann_octopus_24m-trainMatch-

beldenhirschmann_octopus_24m-train-bpMatch-

beldenhirschmann_octopus_5tx_eecMatch-

beldenhirschmann_octopus_8mMatch-

beldenhirschmann_octopus_8m-6poeMatch-

beldenhirschmann_octopus_8m-8poeMatch-

beldenhirschmann_octopus_8m-trainMatch-

beldenhirschmann_octopus_8m-train-bpMatch-

beldenhirschmann_octopus_8tx-eecMatch-

beldenhirschmann_octopus_8tx_poe-eecMatch-

beldenhirschmann_octopus_os20-000900t5t5tafbhhMatch-

beldenhirschmann_octopus_os20-000900t5t5tnebhhMatch-

beldenhirschmann_octopus_os20-0010001m1mtrephhMatch-

beldenhirschmann_octopus_os20-0010001s1strephhMatch-

beldenhirschmann_octopus_os20-0010004m4mtrephhMatch-

beldenhirschmann_octopus_os20-0010004s4strephhMatch-

beldenhirschmann_octopus_os20-001000t5t5tafuhbMatch-

beldenhirschmann_octopus_os20-001000t5t5tneuhbMatch-

beldenhirschmann_octopus_os24-080900t5t5tffbhhMatch-

beldenhirschmann_octopus_os24-080900t5t5tnebhhMatch-

beldenhirschmann_octopus_os24-081000t5t5tffuhbMatch-

beldenhirschmann_octopus_os24-081000t5t5tneuhbMatch-

beldenhirschmann_octopus_os30Match-

beldenhirschmann_octopus_os30-0008021a1atrephhMatch-

beldenhirschmann_octopus_os30-0008021b1btrephhMatch-

beldenhirschmann_octopus_os30-0008024a4atrephhMatch-

beldenhirschmann_octopus_os30-0008024b4btrephhMatch-

beldenhirschmann_octopus_os32-080802o6o6tpephhMatch-

beldenhirschmann_octopus_os32-080802t6t6tpephhMatch-

beldenhirschmann_octopus_os32-081602o6o6tpephhMatch-

beldenhirschmann_octopus_os32-081602t6t6tpephhMatch-

beldenhirschmann_octopus_os34Match-

beldenhirschmann_octopus_os3x-xx16xxxMatch-

beldenhirschmann_octopus_os3x-xx24xxxMatch-

CPENameOperatorVersion
belden:hirschmann_rs20-0900mmm2tdaubelden hirschmann rs20-0900mmm2tdaueq-
belden:hirschmann_rs20-0900nnm4tdaubelden hirschmann rs20-0900nnm4tdaueq-
belden:hirschmann_rs20-0900vvm2tdaubelden hirschmann rs20-0900vvm2tdaueq-
belden:hirschmann_rs20-1600l2l2sdaubelden hirschmann rs20-1600l2l2sdaueq-
belden:hirschmann_rs20-1600l2m2sdaubelden hirschmann rs20-1600l2m2sdaueq-
belden:hirschmann_rs20-1600l2s2sdaubelden hirschmann rs20-1600l2s2sdaueq-
belden:hirschmann_rs20-1600l2t1sdaubelden hirschmann rs20-1600l2t1sdaueq-
belden:hirschmann_rs20-1600m2m2sdaubelden hirschmann rs20-1600m2m2sdaueq-
belden:hirschmann_rs20-1600m2t1sdaubelden hirschmann rs20-1600m2t1sdaueq-
belden:hirschmann_rs20-1600s2m2sdaubelden hirschmann rs20-1600s2m2sdaueq-

CPE	Name	Operator	Version
belden:hirschmann_rs20-0900mmm2tdau	belden hirschmann rs20-0900mmm2tdau	eq	-
belden:hirschmann_rs20-0900nnm4tdau	belden hirschmann rs20-0900nnm4tdau	eq	-
belden:hirschmann_rs20-0900vvm2tdau	belden hirschmann rs20-0900vvm2tdau	eq	-
belden:hirschmann_rs20-1600l2l2sdau	belden hirschmann rs20-1600l2l2sdau	eq	-
belden:hirschmann_rs20-1600l2m2sdau	belden hirschmann rs20-1600l2m2sdau	eq	-
belden:hirschmann_rs20-1600l2s2sdau	belden hirschmann rs20-1600l2s2sdau	eq	-
belden:hirschmann_rs20-1600l2t1sdau	belden hirschmann rs20-1600l2t1sdau	eq	-
belden:hirschmann_rs20-1600m2m2sdau	belden hirschmann rs20-1600m2m2sdau	eq	-
belden:hirschmann_rs20-1600m2t1sdau	belden hirschmann rs20-1600m2t1sdau	eq	-
belden:hirschmann_rs20-1600s2m2sdau	belden hirschmann rs20-1600s2m2sdau	eq	-

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103340

ics-cert.us-cert.gov/advisories/ICSA-18-065-01

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2018-5465

ptsecurity1 cvelist1 prion1 nvd1 ics1