Lucene search

[email protected]CVE-2018-5469

HistoryMar 06, 2018 - 9:29 p.m.

CVE-2018-5469

2018-03-0621:29:00

CWE-307

[email protected]

web.nvd.nist.gov

cve-2018-5469

belden hirschmann

platform switches

excessive authentication

vulnerability

web interface

brute force

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.

Affected configurations

NVD

Node

beldenhirschmann_rs20-0900mmm2tdauMatch-

beldenhirschmann_rs20-0900nnm4tdauMatch-

beldenhirschmann_rs20-0900vvm2tdauMatch-

beldenhirschmann_rs20-1600l2l2sdauMatch-

beldenhirschmann_rs20-1600l2m2sdauMatch-

beldenhirschmann_rs20-1600l2s2sdauMatch-

beldenhirschmann_rs20-1600l2t1sdauMatch-

beldenhirschmann_rs20-1600m2m2sdauMatch-

beldenhirschmann_rs20-1600m2t1sdauMatch-

beldenhirschmann_rs20-1600s2m2sdauMatch-

beldenhirschmann_rs20-1600s2s2sdauMatch-

beldenhirschmann_rs20-1600s2t1sdauMatch-

Node

beldenhirschmann_rsr20Match-

beldenhirschmann_rsr30Match-

Node

beldenhirschmann_rsb20-0800m2m2saabMatch-

beldenhirschmann_rsb20-0800m2m2saabeMatch-

beldenhirschmann_rsb20-0800m2m2taabMatch-

beldenhirschmann_rsb20-0800m2m2taabeMatch-

beldenhirschmann_rsb20-0800s2s2saabMatch-

beldenhirschmann_rsb20-0800s2s2saabeMatch-

beldenhirschmann_rsb20-0800s2s2taabMatch-

beldenhirschmann_rsb20-0800s2s2taabeMatch-

beldenhirschmann_rsb20-0800t1t1saabMatch-

beldenhirschmann_rsb20-0800t1t1saabeMatch-

beldenhirschmann_rsb20-0800t1t1taabMatch-

beldenhirschmann_rsb20-0800t1t1taabeMatch-

beldenhirschmann_rsb20-0900m2ttsaabMatch-

beldenhirschmann_rsb20-0900m2ttsaabeMatch-

beldenhirschmann_rsb20-0900m2tttaabMatch-

beldenhirschmann_rsb20-0900m2tttaabeMatch-

beldenhirschmann_rsb20-0900mmm2saabMatch-

beldenhirschmann_rsb20-0900mmm2saabeMatch-

beldenhirschmann_rsb20-0900mmm2taabMatch-

beldenhirschmann_rsb20-0900mmm2taabeMatch-

beldenhirschmann_rsb20-0900s2ttsaabMatch-

beldenhirschmann_rsb20-0900s2ttsaabeMatch-

beldenhirschmann_rsb20-0900s2tttaabMatch-

beldenhirschmann_rsb20-0900s2tttaabeMatch-

beldenhirschmann_rsb20-0900vvm2saabMatch-

beldenhirschmann_rsb20-0900vvm2saabeMatch-

beldenhirschmann_rsb20-0900vvm2taabMatch-

beldenhirschmann_rsb20-0900vvm2taabeMatch-

beldenhirschmann_rsb20-0900zzz6saabMatch-

beldenhirschmann_rsb20-0900zzz6saabeMatch-

beldenhirschmann_rsb20-0900zzz6taabMatch-

beldenhirschmann_rsb20-0900zzz6taabeMatch-

Node

beldenhirschmann_m1-8mm-scMatch-

beldenhirschmann_m1-8sfpMatch-

beldenhirschmann_m1-8sm-scMatch-

beldenhirschmann_m1-8tp-rj45Match-

beldenhirschmann_mach102-24tp-fMatch-

beldenhirschmann_mach102-24tp-frMatch-

beldenhirschmann_mach102-8tpMatch-

beldenhirschmann_mach102-8tp-fMatch-

beldenhirschmann_mach102-8tp-frMatch-

beldenhirschmann_mach102-8tp-rMatch-

beldenhirschmann_mach104-16tx-poepMatch-

beldenhirschmann_mach104-16tx-poep-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2xMatch-

beldenhirschmann_mach104-16tx-poep_\+2x-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-eMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-rMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-r-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-eMatch-

beldenhirschmann_mach104-16tx-poep_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-rMatch-

beldenhirschmann_mach104-16tx-poep_-r-l3pMatch-

beldenhirschmann_mach104-20tx-fMatch-

beldenhirschmann_mach104-20tx-f-4poeMatch-

beldenhirschmann_mach104-20tx-f-l3pMatch-

beldenhirschmann_mach104-20tx-frMatch-

beldenhirschmann_mach104-20tx-fr-l3pMatch-

Node

beldenhirschmann_mach4002-24g\+3x-l2pMatch-

beldenhirschmann_mach4002-24g\+3x-l3eMatch-

beldenhirschmann_mach4002-24g\+3x-l3pMatch-

beldenhirschmann_mach4002-24g-l2pMatch-

beldenhirschmann_mach4002-24g-l3eMatch-

beldenhirschmann_mach4002-24g-l3pMatch-

beldenhirschmann_mach4002-48g\+3x-l2pMatch-

beldenhirschmann_mach4002-48g\+3x-l3eMatch-

beldenhirschmann_mach4002-48g\+3x-l3pMatch-

beldenhirschmann_mach4002-48g-l2pMatch-

beldenhirschmann_mach4002-48g-l3eMatch-

beldenhirschmann_mach4002-48g-l3pMatch-

Node

beldenhirschmann_ms20-0800eccpMatch-

beldenhirschmann_ms20-0800saaeMatch-

beldenhirschmann_ms20-0800saapMatch-

beldenhirschmann_ms20-1600eccpMatch-

beldenhirschmann_ms20-1600saaeMatch-

beldenhirschmann_ms20-1600saapMatch-

beldenhirschmann_ms30-0802saaeMatch-

beldenhirschmann_ms30-0802saapMatch-

beldenhirschmann_ms30-1602saaeMatch-

Node

beldenhirschmann_octopus_16mMatch-

beldenhirschmann_octopus_16m-8poeMatch-

beldenhirschmann_octopus_16m-trainMatch-

beldenhirschmann_octopus_16m-train-bpMatch-

beldenhirschmann_octopus_24mMatch-

beldenhirschmann_octopus_24m-8_poeMatch-

beldenhirschmann_octopus_24m-trainMatch-

beldenhirschmann_octopus_24m-train-bpMatch-

beldenhirschmann_octopus_5tx_eecMatch-

beldenhirschmann_octopus_8mMatch-

beldenhirschmann_octopus_8m-6poeMatch-

beldenhirschmann_octopus_8m-8poeMatch-

beldenhirschmann_octopus_8m-trainMatch-

beldenhirschmann_octopus_8m-train-bpMatch-

beldenhirschmann_octopus_8tx-eecMatch-

beldenhirschmann_octopus_8tx_poe-eecMatch-

beldenhirschmann_octopus_os20-000900t5t5tafbhhMatch-

beldenhirschmann_octopus_os20-000900t5t5tnebhhMatch-

beldenhirschmann_octopus_os20-0010001m1mtrephhMatch-

beldenhirschmann_octopus_os20-0010001s1strephhMatch-

beldenhirschmann_octopus_os20-0010004m4mtrephhMatch-

beldenhirschmann_octopus_os20-0010004s4strephhMatch-

beldenhirschmann_octopus_os20-001000t5t5tafuhbMatch-

beldenhirschmann_octopus_os20-001000t5t5tneuhbMatch-

beldenhirschmann_octopus_os24-080900t5t5tffbhhMatch-

beldenhirschmann_octopus_os24-080900t5t5tnebhhMatch-

beldenhirschmann_octopus_os24-081000t5t5tffuhbMatch-

beldenhirschmann_octopus_os24-081000t5t5tneuhbMatch-

beldenhirschmann_octopus_os30Match-

beldenhirschmann_octopus_os30-0008021a1atrephhMatch-

beldenhirschmann_octopus_os30-0008021b1btrephhMatch-

beldenhirschmann_octopus_os30-0008024a4atrephhMatch-

beldenhirschmann_octopus_os30-0008024b4btrephhMatch-

beldenhirschmann_octopus_os32-080802o6o6tpephhMatch-

beldenhirschmann_octopus_os32-080802t6t6tpephhMatch-

beldenhirschmann_octopus_os32-081602o6o6tpephhMatch-

beldenhirschmann_octopus_os32-081602t6t6tpephhMatch-

beldenhirschmann_octopus_os34Match-

beldenhirschmann_octopus_os3x-xx16xxxMatch-

beldenhirschmann_octopus_os3x-xx24xxxMatch-

CPENameOperatorVersion
belden:hirschmann_rs20-0900mmm2tdaubelden hirschmann rs20-0900mmm2tdaueq-
belden:hirschmann_rs20-0900nnm4tdaubelden hirschmann rs20-0900nnm4tdaueq-
belden:hirschmann_rs20-0900vvm2tdaubelden hirschmann rs20-0900vvm2tdaueq-
belden:hirschmann_rs20-1600l2l2sdaubelden hirschmann rs20-1600l2l2sdaueq-
belden:hirschmann_rs20-1600l2m2sdaubelden hirschmann rs20-1600l2m2sdaueq-
belden:hirschmann_rs20-1600l2s2sdaubelden hirschmann rs20-1600l2s2sdaueq-
belden:hirschmann_rs20-1600l2t1sdaubelden hirschmann rs20-1600l2t1sdaueq-
belden:hirschmann_rs20-1600m2m2sdaubelden hirschmann rs20-1600m2m2sdaueq-
belden:hirschmann_rs20-1600m2t1sdaubelden hirschmann rs20-1600m2t1sdaueq-
belden:hirschmann_rs20-1600s2m2sdaubelden hirschmann rs20-1600s2m2sdaueq-

CPE	Name	Operator	Version
belden:hirschmann_rs20-0900mmm2tdau	belden hirschmann rs20-0900mmm2tdau	eq	-
belden:hirschmann_rs20-0900nnm4tdau	belden hirschmann rs20-0900nnm4tdau	eq	-
belden:hirschmann_rs20-0900vvm2tdau	belden hirschmann rs20-0900vvm2tdau	eq	-
belden:hirschmann_rs20-1600l2l2sdau	belden hirschmann rs20-1600l2l2sdau	eq	-
belden:hirschmann_rs20-1600l2m2sdau	belden hirschmann rs20-1600l2m2sdau	eq	-
belden:hirschmann_rs20-1600l2s2sdau	belden hirschmann rs20-1600l2s2sdau	eq	-
belden:hirschmann_rs20-1600l2t1sdau	belden hirschmann rs20-1600l2t1sdau	eq	-
belden:hirschmann_rs20-1600m2m2sdau	belden hirschmann rs20-1600m2m2sdau	eq	-
belden:hirschmann_rs20-1600m2t1sdau	belden hirschmann rs20-1600m2t1sdau	eq	-
belden:hirschmann_rs20-1600s2m2sdau	belden hirschmann rs20-1600s2m2sdau	eq	-

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103340

ics-cert.us-cert.gov/advisories/ICSA-18-065-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2018-5469

ptsecurity1 prion1 cvelist1 nvd1 ics1