CVE-2018-5471

high-risk

Published 2018-03-06

A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (20)

Hirschmann Rs20-0900Mmm2Tdau

Hirschmann Rs20-0900Nnm4Tdau

Hirschmann Rs20-0900Vvm2Tdau

Hirschmann Rs20-1600L2L2Sdau

Hirschmann Rs20-1600L2M2Sdau

Hirschmann Rs20-1600L2S2Sdau

Hirschmann Rs20-1600L2T1Sdau

Hirschmann Rs20-1600M2M2Sdau

Hirschmann Rs20-1600M2T1Sdau

Hirschmann Rs20-1600S2M2Sdau

Hirschmann Rs20-1600S2S2Sdau

Hirschmann Rs20-1600S2T1Sdau

Hirschmann Rsr20

Hirschmann Rsr30

Hirschmann Rsb20-0800M2M2Saab

Hirschmann Rsb20-0800M2M2Saabe

Hirschmann Rsb20-0800M2M2Taab

Hirschmann Rsb20-0800M2M2Taabe

Hirschmann Rsb20-0800S2S2Saab

Hirschmann Rsb20-0800S2S2Saabe

Affected Vendors

Belden

References (4)

Third Party Advisory http://www.securityfocus.com/bid/103340

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

Third Party Advisory http://www.securityfocus.com/bid/103340

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 32/34 · Critical