CVE-2018-5471 - Vulnerability Details

A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00049.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Hirschmann Automation and Control GmbH Classic Platform Switches

affected

Version	Status	Constraints
`Hirschmann Automation and Control GmbH Classic Platform Switches`	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:belden:hirschmann_rs20-0900mmm2tdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-0900nnm4tdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-0900vvm2tdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600l2l2sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600l2m2sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600l2s2sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600l2t1sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600m2m2sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600m2t1sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600s2m2sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600s2s2sdau:-:::::::*
	cpe:2.3:h:belden:hirschmann_rs20-1600s2t1sdau:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:h:belden:hirschmann_rsr20:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsr30:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:h:belden:hirschmann_rsb20-0800m2m2saab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800m2m2saabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800m2m2taab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800m2m2taabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800s2s2saab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800s2s2saabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800s2s2taab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800s2s2taabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800t1t1saab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800t1t1saabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800t1t1taab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0800t1t1taabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900m2ttsaab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900m2ttsaabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900m2tttaab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900m2tttaabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900mmm2saab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900mmm2saabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900mmm2taab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900mmm2taabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900s2ttsaab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900s2ttsaabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900s2tttaab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900s2tttaabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900vvm2saab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900vvm2saabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900vvm2taab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900vvm2taabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900zzz6saab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900zzz6saabe:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900zzz6taab:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsb20-0900zzz6taabe:-:::::::*

Configuration 4 [-]

OR	cpe:2.3:h:belden:hirschmann_m1-8mm-sc:-:::::::*
	cpe:2.3:h:belden:hirschmann_m1-8sfp:-:::::::*
	cpe:2.3:h:belden:hirschmann_m1-8sm-sc:-:::::::*
	cpe:2.3:h:belden:hirschmann_m1-8tp-rj45:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach102-24tp-f:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach102-24tp-fr:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach102-8tp:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach102-8tp-f:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach102-8tp-fr:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach102-8tp-r:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_\+2x:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_\+2x-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_\+2x_-e:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_\+2x_-e-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_\+2x_-r:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_\+2x_-r-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_-e:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_-e-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_-r:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-16tx-poep_-r-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-20tx-f:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-20tx-f-4poe:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-20tx-f-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-20tx-fr:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach104-20tx-fr-l3p:-:::::::*

Configuration 5 [-]

OR	cpe:2.3:h:belden:hirschmann_mach4002-24g\+3x-l2p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-24g\+3x-l3e:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-24g\+3x-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-24g-l2p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-24g-l3e:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-24g-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-48g\+3x-l2p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-48g\+3x-l3e:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-48g\+3x-l3p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-48g-l2p:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-48g-l3e:-:::::::*
	cpe:2.3:h:belden:hirschmann_mach4002-48g-l3p:-:::::::*

Configuration 6 [-]

OR	cpe:2.3:h:belden:hirschmann_ms20-0800eccp:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms20-0800saae:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms20-0800saap:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms20-1600eccp:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms20-1600saae:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms20-1600saap:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms30-0802saae:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms30-0802saap:-:::::::*
	cpe:2.3:h:belden:hirschmann_ms30-1602saae:-:::::::*

Configuration 7 [-]

OR	cpe:2.3:h:belden:hirschmann_octopus_16m:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_16m-8poe:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_16m-train:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_16m-train-bp:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_24m:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_24m-8_poe:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_24m-train:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_24m-train-bp:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_5tx_eec:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_8m:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_8m-6poe:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_8m-8poe:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_8m-train:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_8m-train-bp:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_8tx-eec:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_8tx_poe-eec:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-000900t5t5tafbhh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-000900t5t5tnebhh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-0010001m1mtrephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-0010001s1strephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-0010004m4mtrephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-0010004s4strephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-001000t5t5tafuhb:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os20-001000t5t5tneuhb:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os24-080900t5t5tffbhh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os24-080900t5t5tnebhh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os24-081000t5t5tffuhb:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os24-081000t5t5tneuhb:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os30:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os30-0008021a1atrephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os30-0008021b1btrephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os30-0008024a4atrephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os30-0008024b4btrephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os32-080802o6o6tpephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os32-080802t6t6tpephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os32-081602o6o6tpephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os32-081602t6t6tpephh:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os34:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os3x-xx16xxx:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os3x-xx24xxx:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Belden Subscribe	Hirschmann M1-8mm-sc Subscribe Hirschmann M1-8sfp Subscribe Hirschmann M1-8sm-sc Subscribe Hirschmann M1-8tp-rj45 Subscribe Hirschmann Mach102-24tp-f Subscribe Hirschmann Mach102-24tp-fr Subscribe Hirschmann Mach102-8tp Subscribe Hirschmann Mach102-8tp-f Subscribe Hirschmann Mach102-8tp-fr Subscribe Hirschmann Mach102-8tp-r Subscribe Hirschmann Mach104-16tx-poep Subscribe Hirschmann Mach104-16tx-poep-l3p Subscribe Hirschmann Mach104-16tx-poep -e Subscribe Hirschmann Mach104-16tx-poep -e-l3p Subscribe Hirschmann Mach104-16tx-poep -r Subscribe Hirschmann Mach104-16tx-poep -r-l3p Subscribe Hirschmann Mach104-16tx-poep \+2x Subscribe Hirschmann Mach104-16tx-poep \+2x-l3p Subscribe Hirschmann Mach104-16tx-poep \+2x -e Subscribe Hirschmann Mach104-16tx-poep \+2x -e-l3p Subscribe Hirschmann Mach104-16tx-poep \+2x -r Subscribe Hirschmann Mach104-16tx-poep \+2x -r-l3p Subscribe Hirschmann Mach104-20tx-f Subscribe Hirschmann Mach104-20tx-f-4poe Subscribe Hirschmann Mach104-20tx-f-l3p Subscribe Hirschmann Mach104-20tx-fr Subscribe Hirschmann Mach104-20tx-fr-l3p Subscribe Hirschmann Mach4002-24g-l2p Subscribe Hirschmann Mach4002-24g-l3e Subscribe Hirschmann Mach4002-24g-l3p Subscribe Hirschmann Mach4002-24g\+3x-l2p Subscribe Hirschmann Mach4002-24g\+3x-l3e Subscribe Hirschmann Mach4002-24g\+3x-l3p Subscribe Hirschmann Mach4002-48g-l2p Subscribe Hirschmann Mach4002-48g-l3e Subscribe Hirschmann Mach4002-48g-l3p Subscribe Hirschmann Mach4002-48g\+3x-l2p Subscribe Hirschmann Mach4002-48g\+3x-l3e Subscribe Hirschmann Mach4002-48g\+3x-l3p Subscribe Hirschmann Ms20-0800eccp Subscribe Hirschmann Ms20-0800saae Subscribe Hirschmann Ms20-0800saap Subscribe Hirschmann Ms20-1600eccp Subscribe Hirschmann Ms20-1600saae Subscribe Hirschmann Ms20-1600saap Subscribe Hirschmann Ms30-0802saae Subscribe Hirschmann Ms30-0802saap Subscribe Hirschmann Ms30-1602saae Subscribe Hirschmann Octopus 16m Subscribe Hirschmann Octopus 16m-8poe Subscribe Hirschmann Octopus 16m-train Subscribe Hirschmann Octopus 16m-train-bp Subscribe Hirschmann Octopus 24m Subscribe Hirschmann Octopus 24m-8 Poe Subscribe Hirschmann Octopus 24m-train Subscribe Hirschmann Octopus 24m-train-bp Subscribe Hirschmann Octopus 5tx Eec Subscribe Hirschmann Octopus 8m Subscribe Hirschmann Octopus 8m-6poe Subscribe Hirschmann Octopus 8m-8poe Subscribe Hirschmann Octopus 8m-train Subscribe Hirschmann Octopus 8m-train-bp Subscribe Hirschmann Octopus 8tx-eec Subscribe Hirschmann Octopus 8tx Poe-eec Subscribe Hirschmann Octopus Os20-000900t5t5tafbhh Subscribe Hirschmann Octopus Os20-000900t5t5tnebhh Subscribe Hirschmann Octopus Os20-0010001m1mtrephh Subscribe Hirschmann Octopus Os20-0010001s1strephh Subscribe Hirschmann Octopus Os20-0010004m4mtrephh Subscribe Hirschmann Octopus Os20-0010004s4strephh Subscribe Hirschmann Octopus Os20-001000t5t5tafuhb Subscribe Hirschmann Octopus Os20-001000t5t5tneuhb Subscribe Hirschmann Octopus Os24-080900t5t5tffbhh Subscribe Hirschmann Octopus Os24-080900t5t5tnebhh Subscribe Hirschmann Octopus Os24-081000t5t5tffuhb Subscribe Hirschmann Octopus Os24-081000t5t5tneuhb Subscribe Hirschmann Octopus Os30 Subscribe Hirschmann Octopus Os30-0008021a1atrephh Subscribe Hirschmann Octopus Os30-0008021b1btrephh Subscribe Hirschmann Octopus Os30-0008024a4atrephh Subscribe Hirschmann Octopus Os30-0008024b4btrephh Subscribe Hirschmann Octopus Os32-080802o6o6tpephh Subscribe Hirschmann Octopus Os32-080802t6t6tpephh Subscribe Hirschmann Octopus Os32-081602o6o6tpephh Subscribe Hirschmann Octopus Os32-081602t6t6tpephh Subscribe Hirschmann Octopus Os34 Subscribe Hirschmann Octopus Os3x-xx16xxx Subscribe Hirschmann Octopus Os3x-xx24xxx Subscribe Hirschmann Rs20-0900mmm2tdau Subscribe Hirschmann Rs20-0900nnm4tdau Subscribe Hirschmann Rs20-0900vvm2tdau Subscribe Hirschmann Rs20-1600l2l2sdau Subscribe Hirschmann Rs20-1600l2m2sdau Subscribe Hirschmann Rs20-1600l2s2sdau Subscribe Hirschmann Rs20-1600l2t1sdau Subscribe Hirschmann Rs20-1600m2m2sdau Subscribe Hirschmann Rs20-1600m2t1sdau Subscribe Hirschmann Rs20-1600s2m2sdau Subscribe Hirschmann Rs20-1600s2s2sdau Subscribe Hirschmann Rs20-1600s2t1sdau Subscribe Hirschmann Rsb20-0800m2m2saab Subscribe Hirschmann Rsb20-0800m2m2saabe Subscribe Hirschmann Rsb20-0800m2m2taab Subscribe Hirschmann Rsb20-0800m2m2taabe Subscribe Hirschmann Rsb20-0800s2s2saab Subscribe Hirschmann Rsb20-0800s2s2saabe Subscribe Hirschmann Rsb20-0800s2s2taab Subscribe Hirschmann Rsb20-0800s2s2taabe Subscribe Hirschmann Rsb20-0800t1t1saab Subscribe Hirschmann Rsb20-0800t1t1saabe Subscribe Hirschmann Rsb20-0800t1t1taab Subscribe Hirschmann Rsb20-0800t1t1taabe Subscribe Hirschmann Rsb20-0900m2ttsaab Subscribe Hirschmann Rsb20-0900m2ttsaabe Subscribe Hirschmann Rsb20-0900m2tttaab Subscribe Hirschmann Rsb20-0900m2tttaabe Subscribe Hirschmann Rsb20-0900mmm2saab Subscribe Hirschmann Rsb20-0900mmm2saabe Subscribe Hirschmann Rsb20-0900mmm2taab Subscribe Hirschmann Rsb20-0900mmm2taabe Subscribe Hirschmann Rsb20-0900s2ttsaab Subscribe Hirschmann Rsb20-0900s2ttsaabe Subscribe Hirschmann Rsb20-0900s2tttaab Subscribe Hirschmann Rsb20-0900s2tttaabe Subscribe Hirschmann Rsb20-0900vvm2saab Subscribe Hirschmann Rsb20-0900vvm2saabe Subscribe Hirschmann Rsb20-0900vvm2taab Subscribe Hirschmann Rsb20-0900vvm2taabe Subscribe Hirschmann Rsb20-0900zzz6saab Subscribe Hirschmann Rsb20-0900zzz6saabe Subscribe Hirschmann Rsb20-0900zzz6taab Subscribe Hirschmann Rsb20-0900zzz6taabe Subscribe Hirschmann Rsr20 Subscribe Hirschmann Rsr30 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2018-17241	A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/103340
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-03-06T21:00:00

Updated: 2024-08-05T05:33:44.433Z

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5471

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-06T21:29:00.440

Modified: 2024-11-21T04:08:52.027

Link: CVE-2018-5471

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-319

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object