Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity: HIGH
Analysis Summary
Following vulnerabilities are found in Siemens CP1604 and CP1616:
CVE-2018-13808 – CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION An attacker with network access to Port 23/TCP could extract internal communication data or cause a denial-of-service condition.
CVE-2018-13809 – IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) The integrated web server of the affected CP devices could allow cross-site scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link.
CVE-2018-13810 – CROSS-SITE REQUEST FORGERY The integrated configuration web server of the affected CP devices could allow a cross-site request forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link.
Impact
Affected Products
CP 1604
CP 1616
All versions prior to v2.8
Remediation