Siemens CP1604 and CP1616 Cross-Site Request Forgery (CVE-2018-13810)

A vulnerability has been identified in CP 1604 All versions, CP 1616 All versions. The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery CSRF attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation...

Siemens CP1604 and CP1616 Improper Neutralization of Input During Web Page Generation (CVE-2018-13809)

A vulnerability has been identified in CP 1604 All versions, CP 1616 All versions. The integrated web server of the affected CP devices could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful...

Siemens CP1604 and CP1616 Cleartext Transmission of Sensitive Information (CVE-2018-13808)

A vulnerability has been identified in CP 1604 All versions, CP 1616 All versions. An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time o...

SIEMENS CP1604 and CP1616 Device Cross-Site Scripting Vulnerability

The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO.The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A cross-site scripting vulnerability exists in the SIEMENS CP1604 and CP1616 devices. An attacker can exploit the vulnerability t...

ICSA-19-043-06 Siemens CP1604 and CP1616 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : CP1604 and CP1616 Vulnerabilities : Cleartext Transmission of Sensitive Information, Cross-site Scripting, Cross-site Request Forgery 2. UPDATE INFORMATION This updated...