Lucene search

[email protected]CVE-2018-5471

HistoryMar 06, 2018 - 9:29 p.m.

CVE-2018-5471

2018-03-0621:29:00

CWE-319

[email protected]

web.nvd.nist.gov

cve

2018

5471

cleartext transmission

sensitive information

belden hirschmann

switches

nvd

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

Affected configurations

NVD

Node

beldenhirschmann_rs20-0900mmm2tdauMatch-

beldenhirschmann_rs20-0900nnm4tdauMatch-

beldenhirschmann_rs20-0900vvm2tdauMatch-

beldenhirschmann_rs20-1600l2l2sdauMatch-

beldenhirschmann_rs20-1600l2m2sdauMatch-

beldenhirschmann_rs20-1600l2s2sdauMatch-

beldenhirschmann_rs20-1600l2t1sdauMatch-

beldenhirschmann_rs20-1600m2m2sdauMatch-

beldenhirschmann_rs20-1600m2t1sdauMatch-

beldenhirschmann_rs20-1600s2m2sdauMatch-

beldenhirschmann_rs20-1600s2s2sdauMatch-

beldenhirschmann_rs20-1600s2t1sdauMatch-

Node

beldenhirschmann_rsr20Match-

beldenhirschmann_rsr30Match-

Node

beldenhirschmann_rsb20-0800m2m2saabMatch-

beldenhirschmann_rsb20-0800m2m2saabeMatch-

beldenhirschmann_rsb20-0800m2m2taabMatch-

beldenhirschmann_rsb20-0800m2m2taabeMatch-

beldenhirschmann_rsb20-0800s2s2saabMatch-

beldenhirschmann_rsb20-0800s2s2saabeMatch-

beldenhirschmann_rsb20-0800s2s2taabMatch-

beldenhirschmann_rsb20-0800s2s2taabeMatch-

beldenhirschmann_rsb20-0800t1t1saabMatch-

beldenhirschmann_rsb20-0800t1t1saabeMatch-

beldenhirschmann_rsb20-0800t1t1taabMatch-

beldenhirschmann_rsb20-0800t1t1taabeMatch-

beldenhirschmann_rsb20-0900m2ttsaabMatch-

beldenhirschmann_rsb20-0900m2ttsaabeMatch-

beldenhirschmann_rsb20-0900m2tttaabMatch-

beldenhirschmann_rsb20-0900m2tttaabeMatch-

beldenhirschmann_rsb20-0900mmm2saabMatch-

beldenhirschmann_rsb20-0900mmm2saabeMatch-

beldenhirschmann_rsb20-0900mmm2taabMatch-

beldenhirschmann_rsb20-0900mmm2taabeMatch-

beldenhirschmann_rsb20-0900s2ttsaabMatch-

beldenhirschmann_rsb20-0900s2ttsaabeMatch-

beldenhirschmann_rsb20-0900s2tttaabMatch-

beldenhirschmann_rsb20-0900s2tttaabeMatch-

beldenhirschmann_rsb20-0900vvm2saabMatch-

beldenhirschmann_rsb20-0900vvm2saabeMatch-

beldenhirschmann_rsb20-0900vvm2taabMatch-

beldenhirschmann_rsb20-0900vvm2taabeMatch-

beldenhirschmann_rsb20-0900zzz6saabMatch-

beldenhirschmann_rsb20-0900zzz6saabeMatch-

beldenhirschmann_rsb20-0900zzz6taabMatch-

beldenhirschmann_rsb20-0900zzz6taabeMatch-

Node

beldenhirschmann_m1-8mm-scMatch-

beldenhirschmann_m1-8sfpMatch-

beldenhirschmann_m1-8sm-scMatch-

beldenhirschmann_m1-8tp-rj45Match-

beldenhirschmann_mach102-24tp-fMatch-

beldenhirschmann_mach102-24tp-frMatch-

beldenhirschmann_mach102-8tpMatch-

beldenhirschmann_mach102-8tp-fMatch-

beldenhirschmann_mach102-8tp-frMatch-

beldenhirschmann_mach102-8tp-rMatch-

beldenhirschmann_mach104-16tx-poepMatch-

beldenhirschmann_mach104-16tx-poep-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2xMatch-

beldenhirschmann_mach104-16tx-poep_\+2x-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-eMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-rMatch-

beldenhirschmann_mach104-16tx-poep_\+2x_-r-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-eMatch-

beldenhirschmann_mach104-16tx-poep_-e-l3pMatch-

beldenhirschmann_mach104-16tx-poep_-rMatch-

beldenhirschmann_mach104-16tx-poep_-r-l3pMatch-

beldenhirschmann_mach104-20tx-fMatch-

beldenhirschmann_mach104-20tx-f-4poeMatch-

beldenhirschmann_mach104-20tx-f-l3pMatch-

beldenhirschmann_mach104-20tx-frMatch-

beldenhirschmann_mach104-20tx-fr-l3pMatch-

Node

beldenhirschmann_mach4002-24g\+3x-l2pMatch-

beldenhirschmann_mach4002-24g\+3x-l3eMatch-

beldenhirschmann_mach4002-24g\+3x-l3pMatch-

beldenhirschmann_mach4002-24g-l2pMatch-

beldenhirschmann_mach4002-24g-l3eMatch-

beldenhirschmann_mach4002-24g-l3pMatch-

beldenhirschmann_mach4002-48g\+3x-l2pMatch-

beldenhirschmann_mach4002-48g\+3x-l3eMatch-

beldenhirschmann_mach4002-48g\+3x-l3pMatch-

beldenhirschmann_mach4002-48g-l2pMatch-

beldenhirschmann_mach4002-48g-l3eMatch-

beldenhirschmann_mach4002-48g-l3pMatch-

Node

beldenhirschmann_ms20-0800eccpMatch-

beldenhirschmann_ms20-0800saaeMatch-

beldenhirschmann_ms20-0800saapMatch-

beldenhirschmann_ms20-1600eccpMatch-

beldenhirschmann_ms20-1600saaeMatch-

beldenhirschmann_ms20-1600saapMatch-

beldenhirschmann_ms30-0802saaeMatch-

beldenhirschmann_ms30-0802saapMatch-

beldenhirschmann_ms30-1602saaeMatch-

Node

beldenhirschmann_octopus_16mMatch-

beldenhirschmann_octopus_16m-8poeMatch-

beldenhirschmann_octopus_16m-trainMatch-

beldenhirschmann_octopus_16m-train-bpMatch-

beldenhirschmann_octopus_24mMatch-

beldenhirschmann_octopus_24m-8_poeMatch-

beldenhirschmann_octopus_24m-trainMatch-

beldenhirschmann_octopus_24m-train-bpMatch-

beldenhirschmann_octopus_5tx_eecMatch-

beldenhirschmann_octopus_8mMatch-

beldenhirschmann_octopus_8m-6poeMatch-

beldenhirschmann_octopus_8m-8poeMatch-

beldenhirschmann_octopus_8m-trainMatch-

beldenhirschmann_octopus_8m-train-bpMatch-

beldenhirschmann_octopus_8tx-eecMatch-

beldenhirschmann_octopus_8tx_poe-eecMatch-

beldenhirschmann_octopus_os20-000900t5t5tafbhhMatch-

beldenhirschmann_octopus_os20-000900t5t5tnebhhMatch-

beldenhirschmann_octopus_os20-0010001m1mtrephhMatch-

beldenhirschmann_octopus_os20-0010001s1strephhMatch-

beldenhirschmann_octopus_os20-0010004m4mtrephhMatch-

beldenhirschmann_octopus_os20-0010004s4strephhMatch-

beldenhirschmann_octopus_os20-001000t5t5tafuhbMatch-

beldenhirschmann_octopus_os20-001000t5t5tneuhbMatch-

beldenhirschmann_octopus_os24-080900t5t5tffbhhMatch-

beldenhirschmann_octopus_os24-080900t5t5tnebhhMatch-

beldenhirschmann_octopus_os24-081000t5t5tffuhbMatch-

beldenhirschmann_octopus_os24-081000t5t5tneuhbMatch-

beldenhirschmann_octopus_os30Match-

beldenhirschmann_octopus_os30-0008021a1atrephhMatch-

beldenhirschmann_octopus_os30-0008021b1btrephhMatch-

beldenhirschmann_octopus_os30-0008024a4atrephhMatch-

beldenhirschmann_octopus_os30-0008024b4btrephhMatch-

beldenhirschmann_octopus_os32-080802o6o6tpephhMatch-

beldenhirschmann_octopus_os32-080802t6t6tpephhMatch-

beldenhirschmann_octopus_os32-081602o6o6tpephhMatch-

beldenhirschmann_octopus_os32-081602t6t6tpephhMatch-

beldenhirschmann_octopus_os34Match-

beldenhirschmann_octopus_os3x-xx16xxxMatch-

beldenhirschmann_octopus_os3x-xx24xxxMatch-

CPENameOperatorVersion
belden:hirschmann_rs20-0900mmm2tdaubelden hirschmann rs20-0900mmm2tdaueq-
belden:hirschmann_rs20-0900nnm4tdaubelden hirschmann rs20-0900nnm4tdaueq-
belden:hirschmann_rs20-0900vvm2tdaubelden hirschmann rs20-0900vvm2tdaueq-
belden:hirschmann_rs20-1600l2l2sdaubelden hirschmann rs20-1600l2l2sdaueq-
belden:hirschmann_rs20-1600l2m2sdaubelden hirschmann rs20-1600l2m2sdaueq-
belden:hirschmann_rs20-1600l2s2sdaubelden hirschmann rs20-1600l2s2sdaueq-
belden:hirschmann_rs20-1600l2t1sdaubelden hirschmann rs20-1600l2t1sdaueq-
belden:hirschmann_rs20-1600m2m2sdaubelden hirschmann rs20-1600m2m2sdaueq-
belden:hirschmann_rs20-1600m2t1sdaubelden hirschmann rs20-1600m2t1sdaueq-
belden:hirschmann_rs20-1600s2m2sdaubelden hirschmann rs20-1600s2m2sdaueq-

CPE	Name	Operator	Version
belden:hirschmann_rs20-0900mmm2tdau	belden hirschmann rs20-0900mmm2tdau	eq	-
belden:hirschmann_rs20-0900nnm4tdau	belden hirschmann rs20-0900nnm4tdau	eq	-
belden:hirschmann_rs20-0900vvm2tdau	belden hirschmann rs20-0900vvm2tdau	eq	-
belden:hirschmann_rs20-1600l2l2sdau	belden hirschmann rs20-1600l2l2sdau	eq	-
belden:hirschmann_rs20-1600l2m2sdau	belden hirschmann rs20-1600l2m2sdau	eq	-
belden:hirschmann_rs20-1600l2s2sdau	belden hirschmann rs20-1600l2s2sdau	eq	-
belden:hirschmann_rs20-1600l2t1sdau	belden hirschmann rs20-1600l2t1sdau	eq	-
belden:hirschmann_rs20-1600m2m2sdau	belden hirschmann rs20-1600m2m2sdau	eq	-
belden:hirschmann_rs20-1600m2t1sdau	belden hirschmann rs20-1600m2t1sdau	eq	-
belden:hirschmann_rs20-1600s2m2sdau	belden hirschmann rs20-1600s2m2sdau	eq	-

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Hirschmann Automation and Control GmbH Classic Platform Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hirschmann Automation and Control GmbH Classic Platform Switches"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103340

ics-cert.us-cert.gov/advisories/ICSA-18-065-01

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

Related for CVE-2018-5471

cvelist1 ptsecurity1 nvd1 prion1 ics1