CVE-2018-5471 — MEDIUM (5.9)

Vulnerability Description

A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmission of sensitive information vulnerability in the web interface has been identified, which may allow an attacker to obtain sensitive information through a successful man-in-the-middle attack.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Belden	Hirschmann Rs20-0900Mmm2Tdau	-
Belden	Hirschmann Rs20-0900Nnm4Tdau	-
Belden	Hirschmann Rs20-0900Vvm2Tdau	-
Belden	Hirschmann Rs20-1600L2L2Sdau	-
Belden	Hirschmann Rs20-1600L2M2Sdau	-
Belden	Hirschmann Rs20-1600L2S2Sdau	-
Belden	Hirschmann Rs20-1600L2T1Sdau	-
Belden	Hirschmann Rs20-1600M2M2Sdau	-
Belden	Hirschmann Rs20-1600M2T1Sdau	-
Belden	Hirschmann Rs20-1600S2M2Sdau	-
Belden	Hirschmann Rs20-1600S2S2Sdau	-
Belden	Hirschmann Rs20-1600S2T1Sdau	-
Belden	Hirschmann Rsr20	-
Belden	Hirschmann Rsr30	-
Belden	Hirschmann Rsb20-0800M2M2Saab	-
Belden	Hirschmann Rsb20-0800M2M2Saabe	-
Belden	Hirschmann Rsb20-0800M2M2Taab	-
Belden	Hirschmann Rsb20-0800M2M2Taabe	-
Belden	Hirschmann Rsb20-0800S2S2Saab	-
Belden	Hirschmann Rsb20-0800S2S2Saabe	-

Related Weaknesses (CWE)

CWE-319

References

http://www.securityfocus.com/bid/103340Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/103340Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-5471?

CVE-2018-5471 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A Cleartext Transmission of Sensitive Information issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A cleartext transmissi...

How severe is CVE-2018-5471?

CVE-2018-5471 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5471?

Check the references section above for vendor advisories and patch information. Affected products include: Belden Hirschmann Rs20-0900Mmm2Tdau, Belden Hirschmann Rs20-0900Nnm4Tdau, Belden Hirschmann Rs20-0900Vvm2Tdau, Belden Hirschmann Rs20-1600L2L2Sdau, Belden Hirschmann Rs20-1600L2M2Sdau.