CVE-2018-13810

Published: Apr 17, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known.

Affected (2)

Products: Siemens: Cp 1604 Firmware, Cp 1616 Firmware

2 products

Cp 1604 Firmware

Cp 1616 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Cp 1604 Firmware	Up to 2.8

Running on/with	Platform Versions
Siemens Cp 1604	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Cp 1616 Firmware	Up to 2.8

Running on/with	Platform Versions
Siemens Cp 1616	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.