CVE-2018-13808 - OpenCVE

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Cp 1604 Cp 1604 Firmware Cp 1616 Cp 1616 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:siemens:cp_1604:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:cp_1604_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:siemens:cp_1616:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:cp_1616_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2019-04-17T13:38:34

Updated: 2024-08-05T09:14:47.234Z

Reserved: 2018-07-10T00:00:00

Link: CVE-2018-13808

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-17T14:29:02.590

Modified: 2019-07-11T22:15:10.247

Link: CVE-2018-13808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CP 1604", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "CP 1616", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known."}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization of CRLF Sequences ('CRLF Injection')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-11T21:17:46", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2018-13808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CP 1604", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "CP 1616", "version": {"version_data": [{"version_value": "All versions"}]}}]}, "vendor_name": "Siemens"}]}}, "cve_id": "CVE-2018-13808", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Neutralization of CRLF Sequences ('CRLF Injection')"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:14:47.234Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2018-13808", "datePublished": "2019-04-17T13:38:34", "dateReserved": "2018-07-10T00:00:00", "dateUpdated": "2024-08-05T09:14:47.234Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp_1604:-:*:*:*:*:*:*:*", "matchCriteriaId": "6148BD0D-5BD1-4182-8202-EBDB56B0D146", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp_1604_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DC92E3A-CA37-4D08-A0EB-71DBB4C5395A", "versionEndIncluding": "2.8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:cp_1616:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D7CC79A-1446-415F-8BFF-71C82C9256BB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:cp_1616_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D5FEC73-E96E-4945-8C0B-4A7B5B236ABD", "versionEndIncluding": "2.8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en CP 1604 (todas las versiones), CP 1616 (todas las versiones). Un atacante con acceso de red al puerto 23/tcp podr\u00eda extraer datos de comunicaci\u00f3n interna o provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La explotaci\u00f3n con \u00e9xito requiere acceso de red a un dispositivo vulnerable. En el momento de la publicaci\u00f3n consultiva, no se conoc\u00eda p\u00fablicamente la explotaci\u00f3n de esta vulnerabilidad."}], "id": "CVE-2018-13808", "lastModified": "2019-07-11T22:15:10.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-17T14:29:02.590", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}