CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-13809

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf

Products affected by CVE-2018-13809

Siemens » Cp 1604 » Version: N/A

cpe:2.3:h:siemens:cp_1604:-
Siemens » Cp 1616 » Version: N/A

cpe:2.3:h:siemens:cp_1616:-
Siemens » Cp 1604 Firmware » Version: 2.8

cpe:2.3:o:siemens:cp_1604_firmware:2.8
Siemens » Cp 1616 Firmware » Version: 2.8

cpe:2.3:o:siemens:cp_1616_firmware:2.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13809

Products

Pricing

Contact Us