Skip to main content

Hirschmann Rs20 0900Mmm2Tdau CVE-2018-5467

MEDIUM
Use of GET Request Method With Sensitive Query Strings (CWE-598)
2018-03-06 ics-cert@hq.dhs.gov
Information Disclosure Hirschmann Rs20 0900Mmm2Tdau Hirschmann Rs20 0900Nnm4Tdau Hirschmann Rs20 0900Vvm2Tdau Hirschmann Rs20 1600L2L2Sdau Hirschmann Rs20 1600L2M2Sdau Hirschmann Rs20 1600L2S2Sdau Hirschmann Rs20 1600L2T1Sdau Hirschmann Rs20 1600M2M2Sdau Hirschmann Rs20 1600M2T1Sdau Hirschmann Rs20 1600S2M2Sdau Hirschmann Rs20 1600S2S2Sdau Hirschmann Rs20 1600S2T1Sdau Hirschmann Rsr20 Hirschmann Rsr30 Hirschmann Rsb20 0800M2M2Saab Hirschmann Rsb20 0800M2M2Saabe Hirschmann Rsb20 0800M2M2Taab Hirschmann Rsb20 0800M2M2Taabe Hirschmann Rsb20 0800S2S2Saab Hirschmann Rsb20 0800S2S2Saabe Hirschmann Rsb20 0800S2S2Taab Hirschmann Rsb20 0800S2S2Taabe Hirschmann Rsb20 0800T1T1Saab Hirschmann Rsb20 0800T1T1Saabe Hirschmann Rsb20 0800T1T1Taab Hirschmann Rsb20 0800T1T1Taabe Hirschmann Rsb20 0900M2Ttsaab Hirschmann Rsb20 0900M2Ttsaabe Hirschmann Rsb20 0900M2Tttaab Hirschmann Rsb20 0900M2Tttaabe Hirschmann Rsb20 0900Mmm2Saab Hirschmann Rsb20 0900Mmm2Saabe Hirschmann Rsb20 0900Mmm2Taab Hirschmann Rsb20 0900Mmm2Taabe Hirschmann Rsb20 0900S2Ttsaab Hirschmann Rsb20 0900S2Ttsaabe Hirschmann Rsb20 0900S2Tttaab Hirschmann Rsb20 0900S2Tttaabe Hirschmann Rsb20 0900Vvm2Saab Hirschmann Rsb20 0900Vvm2Saabe Hirschmann Rsb20 0900Vvm2Taab Hirschmann Rsb20 0900Vvm2Taabe Hirschmann Rsb20 0900Zzz6Saab Hirschmann Rsb20 0900Zzz6Saabe Hirschmann Rsb20 0900Zzz6Taab Hirschmann Rsb20 0900Zzz6Taabe Hirschmann M1 8Mm Sc Hirschmann M1 8Sfp Hirschmann M1 8Sm Sc Hirschmann M1 8Tp Rj45 Hirschmann Mach102 24Tp F Hirschmann Mach102 24Tp Fr Hirschmann Mach102 8Tp Hirschmann Mach102 8Tp F Hirschmann Mach102 8Tp Fr Hirschmann Mach102 8Tp R Hirschmann Mach104 16Tx Poep Hirschmann Mach104 16Tx Poep L3P Hirschmann Mach104 16Tx Poep 2X Hirschmann Mach104 16Tx Poep 2X L3P Hirschmann Mach104 16Tx Poep 2X E Hirschmann Mach104 16Tx Poep 2X E L3P Hirschmann Mach104 16Tx Poep 2X R Hirschmann Mach104 16Tx Poep 2X R L3P Hirschmann Mach104 16Tx Poep E Hirschmann Mach104 16Tx Poep E L3P Hirschmann Mach104 16Tx Poep R Hirschmann Mach104 16Tx Poep R L3P Hirschmann Mach104 20Tx F Hirschmann Mach104 20Tx F 4Poe Hirschmann Mach104 20Tx F L3P Hirschmann Mach104 20Tx Fr Hirschmann Mach104 20Tx Fr L3P Hirschmann Mach4002 24G 3X L2P Hirschmann Mach4002 24G 3X L3E Hirschmann Mach4002 24G 3X L3P Hirschmann Mach4002 24G L2P Hirschmann Mach4002 24G L3E Hirschmann Mach4002 24G L3P Hirschmann Mach4002 48G 3X L2P Hirschmann Mach4002 48G 3X L3E Hirschmann Mach4002 48G 3X L3P Hirschmann Mach4002 48G L2P Hirschmann Mach4002 48G L3E Hirschmann Mach4002 48G L3P Hirschmann Ms20 0800Eccp Hirschmann Ms20 0800Saae Hirschmann Ms20 0800Saap Hirschmann Ms20 1600Eccp Hirschmann Ms20 1600Saae Hirschmann Ms20 1600Saap Hirschmann Ms30 0802Saae Hirschmann Ms30 0802Saap Hirschmann Ms30 1602Saae Hirschmann Octopus 16M Hirschmann Octopus 16M 8Poe Hirschmann Octopus 16M Train Hirschmann Octopus 16M Train Bp Hirschmann Octopus 24M Hirschmann Octopus 24M 8 Poe Hirschmann Octopus 24M Train Hirschmann Octopus 24M Train Bp Hirschmann Octopus 5Tx Eec Hirschmann Octopus 8M Hirschmann Octopus 8M 6Poe Hirschmann Octopus 8M 8Poe Hirschmann Octopus 8M Train Hirschmann Octopus 8M Train Bp Hirschmann Octopus 8Tx Eec Hirschmann Octopus 8Tx Poe Eec Hirschmann Octopus Os20 000900T5T5Tafbhh Hirschmann Octopus Os20 000900T5T5Tnebhh Hirschmann Octopus Os20 0010001M1Mtrephh Hirschmann Octopus Os20 0010001S1Strephh Hirschmann Octopus Os20 0010004M4Mtrephh Hirschmann Octopus Os20 0010004S4Strephh Hirschmann Octopus Os20 001000T5T5Tafuhb Hirschmann Octopus Os20 001000T5T5Tneuhb Hirschmann Octopus Os24 080900T5T5Tffbhh Hirschmann Octopus Os24 080900T5T5Tnebhh Hirschmann Octopus Os24 081000T5T5Tffuhb Hirschmann Octopus Os24 081000T5T5Tneuhb Hirschmann Octopus Os30 Hirschmann Octopus Os30 0008021A1Atrephh Hirschmann Octopus Os30 0008021B1Btrephh Hirschmann Octopus Os30 0008024A4Atrephh Hirschmann Octopus Os30 0008024B4Btrephh Hirschmann Octopus Os32 080802O6O6Tpephh Hirschmann Octopus Os32 080802T6T6Tpephh Hirschmann Octopus Os32 081602O6O6Tpephh Hirschmann Octopus Os32 081602T6T6Tpephh Hirschmann Octopus Os34 Hirschmann Octopus Os3X Xx16Xxx Hirschmann Octopus Os3X Xx24Xxx
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 06, 2018 - 21:29 nvd
MEDIUM 6.5

DescriptionNVD

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.

AnalysisAI

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-598. An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. Affected products include: Belden Hirschmann Rs20-0900Mmm2Tdau, Belden Hirschmann Rs20-0900Nnm4Tdau, Belden Hirschmann Rs20-0900Vvm2Tdau, Belden Hirschmann Rs20-1600L2L2Sdau, Belden Hirschmann Rs20-1600L2M2Sdau.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2018-5467 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy