ID

VAR-201806-1409


CVE

CVE-2018-11449


TITLE

SIEMENS SCALANCE M875 Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: e2f30901-39ab-11e9-9802-000c29342cb1 // CNVD: CNVD-2018-11394

DESCRIPTION

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). SCALANCE M industrial routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features: a firewall to prevent unauthorized access and VPNs to protect data transmission. SIEMENS SCALANCE M875 has an information disclosure vulnerability. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens.

Trust: 2.43

sources: NVD: CVE-2018-11449 // JVNDB: JVNDB-2018-007059 // CNVD: CNVD-2018-11394 // IVD: e2f30901-39ab-11e9-9802-000c29342cb1 // VULHUB: VHN-121309

IOT TAXONOMY

category: ['ICS', 'Network device'] | sub_category: -

Trust: 0.6

category: ['ICS'] | sub_category: -

Trust: 0.2

sources: IVD: e2f30901-39ab-11e9-9802-000c29342cb1 // CNVD: CNVD-2018-11394

AFFECTED PRODUCTS

vendor: siemens | model: scalance m875 | scope: eq | version: -

Trust: 2.4

vendor: siemens | model: scalance m875 | scope: - | version: -

Trust: 0.6

vendor: scalance m875 | model: - | scope: eq | version: -

Trust: 0.2

sources: IVD: e2f30901-39ab-11e9-9802-000c29342cb1 // CNVD: CNVD-2018-11394 // JVNDB: JVNDB-2018-007059 // CNNVD: CNNVD-201806-873 // NVD: CVE-2018-11449

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11449
value: HIGH

Trust: 1.0

NVD: CVE-2018-11449
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11394
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-873
value: HIGH

Trust: 0.6

IVD: e2f30901-39ab-11e9-9802-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-121309
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-11449
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11394
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f30901-39ab-11e9-9802-000c29342cb1
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-121309
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11449
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f30901-39ab-11e9-9802-000c29342cb1 // CNVD: CNVD-2018-11394 // VULHUB: VHN-121309 // JVNDB: JVNDB-2018-007059 // CNNVD: CNNVD-201806-873 // NVD: CVE-2018-11449

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-121309 // JVNDB: JVNDB-2018-007059 // NVD: CVE-2018-11449

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-873

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-873

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007059

PATCH

title: SSA-977428 | url: https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf

Trust: 0.8

title: SIEMENS SCALANCE M875 patch for information disclosure vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/131857

Trust: 0.6

title: Siemens SCALANCE M875 Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80921

Trust: 0.6

sources: CNVD: CNVD-2018-11394 // JVNDB: JVNDB-2018-007059 // CNNVD: CNNVD-201806-873

EXTERNAL IDS

db: NVD | id: CVE-2018-11449

Trust: 3.3

db: SIEMENS | id: SSA-977428

Trust: 2.3

db: CNNVD | id: CNNVD-201806-873

Trust: 0.9

db: CNVD | id: CNVD-2018-11394

Trust: 0.8

db: JVNDB | id: JVNDB-2018-007059

Trust: 0.8

db: IVD | id: E2F30901-39AB-11E9-9802-000C29342CB1

Trust: 0.2

db: VULHUB | id: VHN-121309

Trust: 0.1

sources: IVD: e2f30901-39ab-11e9-9802-000c29342cb1 // CNVD: CNVD-2018-11394 // VULHUB: VHN-121309 // JVNDB: JVNDB-2018-007059 // CNNVD: CNNVD-201806-873 // NVD: CVE-2018-11449

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf

Trust: 2.3

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11449

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-11449

Trust: 0.8

sources: CNVD: CNVD-2018-11394 // VULHUB: VHN-121309 // JVNDB: JVNDB-2018-007059 // CNNVD: CNNVD-201806-873 // NVD: CVE-2018-11449

SOURCES

db: IVD | id: e2f30901-39ab-11e9-9802-000c29342cb1
db: CNVD | id: CNVD-2018-11394
db: VULHUB | id: VHN-121309
db: JVNDB | id: JVNDB-2018-007059
db: CNNVD | id: CNNVD-201806-873
db: NVD | id: CVE-2018-11449

LAST UPDATE DATE

2024-11-23T22:00:28.335000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2018-11394 | date: 2018-06-13T00:00:00
db: VULHUB | id: VHN-121309 | date: 2019-10-09T00:00:00
db: JVNDB | id: JVNDB-2018-007059 | date: 2018-09-06T00:00:00
db: CNNVD | id: CNNVD-201806-873 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2018-11449 | date: 2024-11-21T03:43:23.483

SOURCES RELEASE DATE

db: IVD | id: e2f30901-39ab-11e9-9802-000c29342cb1 | date: 2018-06-13T00:00:00
db: CNVD | id: CNVD-2018-11394 | date: 2018-06-13T00:00:00
db: VULHUB | id: VHN-121309 | date: 2018-06-26T00:00:00
db: JVNDB | id: JVNDB-2018-007059 | date: 2018-09-06T00:00:00
db: CNNVD | id: CNNVD-201806-873 | date: 2018-06-13T00:00:00
db: NVD | id: CVE-2018-11449 | date: 2018-06-26T18:29:00.747