CVE-2018-5467
CVSS score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: NVD
Description
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.
Affected (134)
Products: Belden: Hirschmann Rs20 0900mmm2tdau, Hirschmann Rs20 0900nnm4tdau, Hirschmann Rs20 0900vvm2tdau, Hirschmann Rs20 1600l2l2sdau, Hirschmann Rs20 1600l2m2sdau, Hirschmann Rs20 1600l2s2sdau, Hirschmann Rs20 1600l2t1sdau, Hirschmann Rs20 1600m2m2sdau, Hirschmann Rs20 1600m2t1sdau, Hirschmann Rs20 1600s2m2sdau, Hirschmann Rs20 1600s2s2sdau, Hirschmann Rs20 1600s2t1sdau, Hirschmann Rsr20, Hirschmann Rsr30, Hirschmann Rsb20 0800m2m2saab, Hirschmann Rsb20 0800m2m2saabe, Hirschmann Rsb20 0800m2m2taab, Hirschmann Rsb20 0800m2m2taabe, Hirschmann Rsb20 0800s2s2saab, Hirschmann Rsb20 0800s2s2saabe, Hirschmann Rsb20 0800s2s2taab, Hirschmann Rsb20 0800s2s2taabe, Hirschmann Rsb20 0800t1t1saab, Hirschmann Rsb20 0800t1t1saabe, Hirschmann Rsb20 0800t1t1taab, Hirschmann Rsb20 0800t1t1taabe, Hirschmann Rsb20 0900m2ttsaab, Hirschmann Rsb20 0900m2ttsaabe, Hirschmann Rsb20 0900m2tttaab, Hirschmann Rsb20 0900m2tttaabe, Hirschmann Rsb20 0900mmm2saab, Hirschmann Rsb20 0900mmm2saabe, Hirschmann Rsb20 0900mmm2taab, Hirschmann Rsb20 0900mmm2taabe, Hirschmann Rsb20 0900s2ttsaab, Hirschmann Rsb20 0900s2ttsaabe, Hirschmann Rsb20 0900s2tttaab, Hirschmann Rsb20 0900s2tttaabe, Hirschmann Rsb20 0900vvm2saab, Hirschmann Rsb20 0900vvm2saabe, Hirschmann Rsb20 0900vvm2taab, Hirschmann Rsb20 0900vvm2taabe, Hirschmann Rsb20 0900zzz6saab, Hirschmann Rsb20 0900zzz6saabe, Hirschmann Rsb20 0900zzz6taab, Hirschmann Rsb20 0900zzz6taabe, Hirschmann M1 8mm Sc, Hirschmann M1 8sfp, Hirschmann M1 8sm Sc, Hirschmann M1 8tp Rj45, Hirschmann Mach102 24tp F, Hirschmann Mach102 24tp Fr, Hirschmann Mach102 8tp, Hirschmann Mach102 8tp F, Hirschmann Mach102 8tp Fr, Hirschmann Mach102 8tp R, Hirschmann Mach104 16tx Poep, Hirschmann Mach104 16tx Poep L3p, Hirschmann Mach104 16tx Poep +2x, Hirschmann Mach104 16tx Poep +2x L3p, Hirschmann Mach104 16tx Poep +2x E, Hirschmann Mach104 16tx Poep +2x E L3p, Hirschmann Mach104 16tx Poep +2x R, Hirschmann Mach104 16tx Poep +2x R L3p, Hirschmann Mach104 16tx Poep E, Hirschmann 
Mach104 16tx Poep E L3p, Hirschmann Mach104 16tx Poep R, Hirschmann Mach104 16tx Poep R L3p, Hirschmann Mach104 20tx F, Hirschmann Mach104 20tx F 4poe, Hirschmann Mach104 20tx F L3p, Hirschmann Mach104 20tx Fr, Hirschmann Mach104 20tx Fr L3p, Hirschmann Mach4002 24g+3x L2p, Hirschmann Mach4002 24g+3x L3e, Hirschmann Mach4002 24g+3x L3p, Hirschmann Mach4002 24g L2p, Hirschmann Mach4002 24g L3e, Hirschmann Mach4002 24g L3p, Hirschmann Mach4002 48g+3x L2p, Hirschmann Mach4002 48g+3x L3e, Hirschmann Mach4002 48g+3x L3p, Hirschmann Mach4002 48g L2p, Hirschmann Mach4002 48g L3e, Hirschmann Mach4002 48g L3p, Hirschmann Ms20 0800eccp, Hirschmann Ms20 0800saae, Hirschmann Ms20 0800saap, Hirschmann Ms20 1600eccp, Hirschmann Ms20 1600saae, Hirschmann Ms20 1600saap, Hirschmann Ms30 0802saae, Hirschmann Ms30 0802saap, Hirschmann Ms30 1602saae, Hirschmann Octopus 16m, Hirschmann Octopus 16m 8poe, Hirschmann Octopus 16m Train, Hirschmann Octopus 16m Train Bp, Hirschmann Octopus 24m, Hirschmann Octopus 24m 8 Poe, Hirschmann Octopus 24m Train, Hirschmann Octopus 24m Train Bp, Hirschmann Octopus 5tx Eec, Hirschmann Octopus 8m, Hirschmann Octopus 8m 6poe, Hirschmann Octopus 8m 8poe, Hirschmann Octopus 8m Train, Hirschmann Octopus 8m Train Bp, Hirschmann Octopus 8tx Eec, Hirschmann Octopus 8tx Poe Eec, Hirschmann Octopus Os20 000900t5t5tafbhh, Hirschmann Octopus Os20 000900t5t5tnebhh, Hirschmann Octopus Os20 0010001m1mtrephh, Hirschmann Octopus Os20 0010001s1strephh, Hirschmann Octopus Os20 0010004m4mtrephh, Hirschmann Octopus Os20 0010004s4strephh, Hirschmann Octopus Os20 001000t5t5tafuhb, Hirschmann Octopus Os20 001000t5t5tneuhb, Hirschmann Octopus Os24 080900t5t5tffbhh, Hirschmann Octopus Os24 080900t5t5tnebhh, Hirschmann Octopus Os24 081000t5t5tffuhb, Hirschmann Octopus Os24 081000t5t5tneuhb, Hirschmann Octopus Os30, Hirschmann Octopus Os30 0008021a1atrephh, Hirschmann Octopus Os30 0008021b1btrephh, Hirschmann Octopus Os30 0008024a4atrephh, Hirschmann Octopus Os30 
0008024b4btrephh, Hirschmann Octopus Os32 080802o6o6tpephh, Hirschmann Octopus Os32 080802t6t6tpephh, Hirschmann Octopus Os32 081602o6o6tpephh, Hirschmann Octopus Os32 081602t6t6tpephh, Hirschmann Octopus Os34, Hirschmann Octopus Os3x Xx16xxx, Hirschmann Octopus Os3x Xx24xxx
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-598
Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
References (4)
Source: ics-cert@hq.dhs.gov
Mitigation, Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mitigation, Third Party Advisory, US Government Resource