VAR-201904-0637
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site request forgery vulnerability.Information may be tampered with. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. Siemens CP1604 and CP1616 are prone to following security vulnerabilities: 1. An information disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A cross-site request-forgery vulnerability Attackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. The following products and versions are vulnerable: All versions prior to Siemens CP1604 2.8 All versions prior to Siemens CP1616 2.8. The vulnerability stems from the fact that the WEB application does not fully verify whether the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0637",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cp 1604",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1604",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp 1616",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "cp1604",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.1"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.7.2"
},
{
"model": "cp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.1"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16162.8"
},
{
"model": "cp",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "16042.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp 1616",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1604_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1604:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp_1616_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:cp_1616:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
],
"trust": 0.6
},
"cve": "CVE-2018-13810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13810",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00989",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-123907",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13810",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13810",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-00989",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-526",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-123907",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site request forgery vulnerability.Information may be tampered with. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. Siemens CP1604 and CP1616 are prone to following security vulnerabilities:\n1. An information disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A cross-site request-forgery vulnerability\nAttackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. \nThe following products and versions are vulnerable:\nAll versions prior to Siemens CP1604 2.8\nAll versions prior to Siemens CP1616 2.8. The vulnerability stems from the fact that the WEB application does not fully verify whether the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-123907"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13810",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-559174",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-06",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526",
"trust": 0.9
},
{
"db": "BID",
"id": "106992",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-00989",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0442",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D8457DE-463F-11E9-A2A6-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-123907",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"id": "VAR-201904-0637",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
}
],
"trust": 1.7125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
}
]
},
"last_update_date": "2023-12-18T12:28:24.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-559174",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"title": "Patch for cross-site request forgery vulnerability for SIEMENS CP1604 and CP1616 devices",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/149597"
},
{
"title": "Siemens CP1604 and CP1616 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89337"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13810"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-06"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13810"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-043-06"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/106992"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75478"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"db": "VULHUB",
"id": "VHN-123907"
},
{
"db": "BID",
"id": "106992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "IVD",
"id": "7d8457de-463f-11e9-a2a6-000c29342cb1"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-123907"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"date": "2019-04-17T14:29:03.230000",
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00989"
},
{
"date": "2019-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-123907"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "106992"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015273"
},
{
"date": "2019-07-11T22:15:10.873000",
"db": "NVD",
"id": "CVE-2018-13810"
},
{
"date": "2019-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CP 1604 and CP 1616 Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015273"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-526"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…