CVE-2018-5465

high-risk
Published 2018-03-06

A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions.

Do I need to act?

0.05% chance of exploitation
EPSS score: low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Hirschmann Octopus 16M-Train-Bp
Hirschmann Octopus 24M
Hirschmann Octopus 24M-8 Poe
Hirschmann Octopus 24M-Train
Hirschmann Octopus 24M-Train-Bp
Hirschmann Octopus 5Tx Eec
Hirschmann Octopus 8M
Hirschmann Octopus 8M-6Poe
Hirschmann Octopus 8M-8Poe
Hirschmann Octopus 8M-Train
Hirschmann Octopus 8M-Train-Bp
Hirschmann Octopus 8Tx-Eec
Hirschmann Octopus 8Tx Poe-Eec
Hirschmann Octopus Os20-000900T5T5Tafbhh
Hirschmann Octopus Os20-000900T5T5Tnebhh
Hirschmann Octopus Os20-0010001M1Mtrephh
Hirschmann Octopus Os20-0010001S1Strephh
Hirschmann Octopus Os20-0010004M4Mtrephh
Hirschmann Octopus Os20-0010004S4Strephh
Hirschmann Octopus Os20-001000T5T5Tafuhb

Affected Vendors

62 / 100
high-risk
Severity 30/34 · Critical
Exploitability 0/34 · Minimal
Exposure 32/34 · Critical