CVE-2018-5461

high-risk

Published 2018-03-06

An Inadequate Encryption Strength issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An inadequate encryption strength vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Hirschmann Rs20-0900Mmm2Tdau

Hirschmann Rs20-0900Nnm4Tdau

Hirschmann Rs20-0900Vvm2Tdau

Hirschmann Rs20-1600L2L2Sdau

Hirschmann Rs20-1600L2M2Sdau

Hirschmann Rs20-1600L2S2Sdau

Hirschmann Rs20-1600L2T1Sdau

Hirschmann Rs20-1600M2M2Sdau

Hirschmann Rs20-1600M2T1Sdau

Hirschmann Rs20-1600S2M2Sdau

Hirschmann Rs20-1600S2S2Sdau

Hirschmann Rs20-1600S2T1Sdau

Hirschmann Rsr20

Hirschmann Rsr30

Hirschmann Rsb20-0800M2M2Saab

Hirschmann Rsb20-0800M2M2Saabe

Hirschmann Rsb20-0800M2M2Taab

Hirschmann Rsb20-0800M2M2Taabe

Hirschmann Rsb20-0800S2S2Saab

Hirschmann Rsb20-0800S2S2Saabe

Affected Vendors

Belden

References (4)

Third Party Advisory http://www.securityfocus.com/bid/103340

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

Third Party Advisory http://www.securityfocus.com/bid/103340

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 32/34 · Critical