ID
VAR-201706-0462
CVE
CVE-2017-6038
TITLE
Belden Hirschmann GECKO Cross-Site Request Forgery Vulnerability
Trust: 0.8
sources:
IVD: e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b //
CNVD: CNVD-2017-12580
DESCRIPTION
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request. BeldenHirschmannGECKO is a streamlined managed industrial Ethernet switch. The vulnerability stems from a program that failed to adequately verify the request. An attacker could exploit the vulnerability to perform unauthorized operations
Trust: 2.43
sources:
NVD: CVE-2017-6038 //
JVNDB: JVNDB-2017-005058 //
CNVD: CNVD-2017-12580 //
IVD: e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b //
VULHUB: VHN-114241
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b //
CNVD: CNVD-2017-12580
AFFECTED PRODUCTS
| vendor: | belden hirschmann | model: | gecko lite managed switch | scope: | lte | version: | 2.0.00 | Trust: 1.0 |
| vendor: | belden | model: | gecko lite managed switch | scope: | lte | version: | 2.0.00 | Trust: 0.8 |
| vendor: | belden | model: | hirschmann gecko lite managed switch | scope: | lte | version: | <=2.0.00 | Trust: 0.6 |
| vendor: | belden hirschmann | model: | gecko lite managed switch | scope: | eq | version: | 2.0.00 | Trust: 0.6 |
| vendor: | gecko lite managed switch | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b //
CNVD: CNVD-2017-12580 //
JVNDB: JVNDB-2017-005058 //
CNNVD: CNNVD-201707-036 //
NVD: CVE-2017-6038
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b //
CNVD: CNVD-2017-12580 //
VULHUB: VHN-114241 //
JVNDB: JVNDB-2017-005058 //
CNNVD: CNNVD-201707-036 //
NVD: CVE-2017-6038
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.9 |
sources:
VULHUB: VHN-114241 //
JVNDB: JVNDB-2017-005058 //
NVD: CVE-2017-6038
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201707-036
TYPE
cross-site request forgery
Trust: 0.6
sources:
CNNVD: CNNVD-201707-036
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-005058
PATCH
| title: | GECKO 4TX | url: | https://www.e-catalog.beldensolutions.com/link/57078-24455-402707-402708/en/conf/0 | Trust: 0.8 |
| title: | BeldenHirschmannGECKO cross-site request forged vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/97186 | Trust: 0.6 |
| title: | Belden Hirschmann GECKO Lite Managed Switch Fixes for cross-site request forgery vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71391 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-12580 //
JVNDB: JVNDB-2017-005058 //
CNNVD: CNNVD-201707-036
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6038 | Trust: 3.3 |
| db: | ICS CERT | id: | ICSA-17-026-02A | Trust: 3.1 |
| db: | CNNVD | id: | CNNVD-201707-036 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2017-12580 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2017-005058 | Trust: 0.8 |
| db: | IVD | id: | E5BAA0EA-998B-4F62-9819-2FFA9E9E9C3B | Trust: 0.2 |
| db: | VULHUB | id: | VHN-114241 | Trust: 0.1 |
sources:
IVD: e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b //
CNVD: CNVD-2017-12580 //
VULHUB: VHN-114241 //
JVNDB: JVNDB-2017-005058 //
CNNVD: CNNVD-201707-036 //
NVD: CVE-2017-6038
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-17-026-02a | Trust: 3.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6038 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-6038 | Trust: 0.8 |
sources:
CNVD: CNVD-2017-12580 //
VULHUB: VHN-114241 //
JVNDB: JVNDB-2017-005058 //
CNNVD: CNNVD-201707-036 //
NVD: CVE-2017-6038
SOURCES
| db: | IVD | id: | e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b |
| db: | CNVD | id: | CNVD-2017-12580 |
| db: | VULHUB | id: | VHN-114241 |
| db: | JVNDB | id: | JVNDB-2017-005058 |
| db: | CNNVD | id: | CNNVD-201707-036 |
| db: | NVD | id: | CVE-2017-6038 |
LAST UPDATE DATE
2025-04-20T23:23:49.162000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-12580 | date: | 2017-07-04T00:00:00 |
| db: | VULHUB | id: | VHN-114241 | date: | 2019-10-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-005058 | date: | 2017-07-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201707-036 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-6038 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | IVD | id: | e5baa0ea-998b-4f62-9819-2ffa9e9e9c3b | date: | 2017-07-04T00:00:00 |
| db: | CNVD | id: | CNVD-2017-12580 | date: | 2017-07-04T00:00:00 |
| db: | VULHUB | id: | VHN-114241 | date: | 2017-06-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-005058 | date: | 2017-07-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201707-036 | date: | 2017-06-29T00:00:00 |
| db: | NVD | id: | CVE-2017-6038 | date: | 2017-06-30T03:29:00.500 |