CVE-2018-11449: XSS
First published: Tue Jun 26 2018(Updated: )
A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SCALANCE M875 | ||
| Siemens Scalance M875 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-11449?
CVE-2018-11449 has been rated with a medium severity level due to its potential impact on administrative security.
How do I fix CVE-2018-11449?
To mitigate CVE-2018-11449, restrict access to the local file system to ensure unauthorized users cannot read sensitive files.
What systems are affected by CVE-2018-11449?
CVE-2018-11449 affects all versions of the Siemens SCALANCE M875.
What could happen if CVE-2018-11449 is exploited?
If CVE-2018-11449 is successfully exploited, an attacker could obtain administrative user passwords.
Who should monitor for CVE-2018-11449?
Organizations using Siemens SCALANCE M875 should monitor for CVE-2018-11449 to protect their administrative credentials.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/siemens
- canonical/siemens scalance m875 firmware
- canonical/siemens scalance m875