SCALANCE M875 における情報漏えいに関する脆弱性
| Title |
SCALANCE M875 における情報漏えいに関する脆弱性
|
| Summary |
SCALANCE M875 には、情報漏えいに関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
June 12, 2018, midnight |
| Registration Date |
Sept. 20, 2018, 3:55 p.m. |
| Last Update |
Sept. 20, 2018, 3:55 p.m. |
|
CVSS3.0 : 警告
|
| Score |
4.9
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
CVSS2.0 : 警告
|
| Score |
4
|
| Vector |
AV:N/AC:L/Au:S/C:P/I:N/A:N |
Affected System
| シーメンス |
|
SCALANCE M875 ファームウェア 全てのバージョン
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年09月20日]
掲載 |
Sept. 20, 2018, 3:55 p.m. |
NVD Vulnerability Information
CVE-2018-4861
| Summary |
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
|
| Publication Date |
June 27, 2018, 3:29 a.m. |
| Registration Date |
March 1, 2021, 7:29 p.m. |
| Last Update |
Nov. 21, 2024, 1:07 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:o:siemens:scalance_m875_firmware:*:*:*:*:*:*:*:* |
|
|
|
|
| execution environment |
| 1 |
cpe:2.3:h:siemens:scalance_m875:*:*:*:*:*:*:*:* |
Related information, measures and tools
Common Vulnerabilities List