Sign-up

ID

VAR-201904-0635


CVE

CVE-2018-13808


TITLE

CP 1604 and CP 1616 Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015276

DESCRIPTION

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A denial of service vulnerability exists in the SIEMENS CP1604 and CP1616 devices. Siemens CP1604 and CP1616 are prone to following security vulnerabilities: 1. An information disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A cross-site request-forgery vulnerability Attackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. The following products and versions are vulnerable: All versions prior to Siemens CP1604 2.8 All versions prior to Siemens CP1616 2.8

Trust: 2.7

sources: NVD: CVE-2018-13808 // JVNDB: JVNDB-2018-015276 // CNVD: CNVD-2019-00987 // BID: 106992 // IVD: 7d8409c1-463f-11e9-b3c4-000c29342cb1 // VULHUB: VHN-123904

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d8409c1-463f-11e9-b3c4-000c29342cb1 // CNVD: CNVD-2019-00987

AFFECTED PRODUCTS

vendor:siemensmodel:cp 1604scope:lteversion:2.8

Trust: 1.0

vendor:siemensmodel:cp 1616scope:lteversion:2.8

Trust: 1.0

vendor:siemensmodel:cp 1604scope:ltversion:2.8

Trust: 0.8

vendor:siemensmodel:cp 1616scope:ltversion:2.8

Trust: 0.8

vendor:siemensmodel:cp1604scope:ltversion:v2.8

Trust: 0.6

vendor:siemensmodel:cp1616scope:ltversion:v2.8

Trust: 0.6

vendor:siemensmodel:cpscope:eqversion:16162.7.2

Trust: 0.3

vendor:siemensmodel:cpscope:eqversion:16162.1

Trust: 0.3

vendor:siemensmodel:cpscope:eqversion:16042.7.2

Trust: 0.3

vendor:siemensmodel:cpscope:eqversion:16042.1

Trust: 0.3

vendor:siemensmodel:cpscope:neversion:16162.8

Trust: 0.3

vendor:siemensmodel:cpscope:neversion:16042.8

Trust: 0.3

vendor:cp 1604model: - scope:eqversion:*

Trust: 0.2

vendor:cp 1616model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d8409c1-463f-11e9-b3c4-000c29342cb1 // CNVD: CNVD-2019-00987 // BID: 106992 // JVNDB: JVNDB-2018-015276 // NVD: CVE-2018-13808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13808
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-13808
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-00987
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201902-520
value: CRITICAL

Trust: 0.6

IVD: 7d8409c1-463f-11e9-b3c4-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-123904
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13808
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-00987
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d8409c1-463f-11e9-b3c4-000c29342cb1
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-123904
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13808
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: 7d8409c1-463f-11e9-b3c4-000c29342cb1 // CNVD: CNVD-2019-00987 // VULHUB: VHN-123904 // JVNDB: JVNDB-2018-015276 // CNNVD: CNNVD-201902-520 // NVD: CVE-2018-13808

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-123904 // JVNDB: JVNDB-2018-015276 // NVD: CVE-2018-13808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-520

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-520

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015276

PATCH
title:SSA-559174url:https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf
Trust: 0.8
title:SIEMENS CP1604 and CP1616 device denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/149585
Trust: 0.6
title:Siemens CP1604  and CP1616 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89331
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-00987 // 
            
            
            
            JVNDB: JVNDB-2018-015276 // 
            
            
            
            CNNVD: CNNVD-201902-520

EXTERNAL IDS
db:NVDid:CVE-2018-13808
Trust: 3.6
db:SIEMENSid:SSA-559174
Trust: 2.3
db:ICS CERTid:ICSA-19-043-06
Trust: 1.7
db:CNNVDid:CNNVD-201902-520
Trust: 0.9
db:BIDid:106992
Trust: 0.9
db:CNVDid:CNVD-2019-00987
Trust: 0.8
db:JVNDBid:JVNDB-2018-015276
Trust: 0.8
db:AUSCERTid:ESB-2019.0442
Trust: 0.6
db:IVDid:7D8409C1-463F-11E9-B3C4-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-123904
Trust: 0.1
sources:
            
            
            IVD: 7d8409c1-463f-11e9-b3c4-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2019-00987 // 
            
            
            
            VULHUB: VHN-123904 // 
            
            
            
            BID: 106992 // 
            
            
            
            JVNDB: JVNDB-2018-015276 // 
            
            
            
            CNNVD: CNNVD-201902-520 // 
            
            
            
            NVD: CVE-2018-13808

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2018-13808
Trust: 1.4
url:https://ics-cert.us-cert.gov/advisories/icsa-19-043-06
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13808
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-19-043-06
Trust: 0.8
url:http://www.securityfocus.com/bid/106992
Trust: 0.6
url:https://www.auscert.org.au/bulletins/75478
Trust: 0.6
url:http://www.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2019-00987 // 
            
            
            
            VULHUB: VHN-123904 // 
            
            
            
            BID: 106992 // 
            
            
            
            JVNDB: JVNDB-2018-015276 // 
            
            
            
            CNNVD: CNNVD-201902-520 // 
            
            
            
            NVD: CVE-2018-13808

CREDITS
The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-520

SOURCES
db:IVDid:7d8409c1-463f-11e9-b3c4-000c29342cb1
db:CNVDid:CNVD-2019-00987
db:VULHUBid:VHN-123904
db:BIDid:106992
db:JVNDBid:JVNDB-2018-015276
db:CNNVDid:CNNVD-201902-520
db:NVDid:CVE-2018-13808

LAST UPDATE DATE
2024-11-23T22:25:57.561000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-00987date:2019-01-10T00:00:00
db:VULHUBid:VHN-123904date:2019-07-11T00:00:00
db:BIDid:106992date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2018-015276date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201902-520date:2019-07-16T00:00:00
db:NVDid:CVE-2018-13808date:2024-11-21T03:48:06.507

SOURCES RELEASE DATE
db:IVDid:7d8409c1-463f-11e9-b3c4-000c29342cb1date:2019-01-10T00:00:00
db:CNVDid:CNVD-2019-00987date:2019-01-10T00:00:00
db:VULHUBid:VHN-123904date:2019-04-17T00:00:00
db:BIDid:106992date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2018-015276date:2019-05-17T00:00:00
db:CNNVDid:CNNVD-201902-520date:2019-02-12T00:00:00
db:NVDid:CVE-2018-13808date:2019-04-17T14:29:02.590