{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T22:43:01.627","vulnerabilities":[{"cve":{"id":"CVE-2018-11447","sourceIdentifier":"productcert@siemens.com","published":"2018-06-26T18:29:00.650","lastModified":"2024-11-21T03:43:23.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en SCALANCE M875 (todas las versiones). La interfaz web en el puerto 443/tcp podría permitir un ataque Cross-Site Request Forgery (CSRF) si se engaña a un usuario desprevenido para que acceda a un enlace malicioso. Su explotación con éxito requiere la interacción de un usuario legítimo que tiene que estar autenticado en la interfaz web como usuario administrativo. Un ataque con éxito podría permitir que un atacante interactúe con la interfaz web como un usuario administrativo. Esto podría permitir al atacante leer o modificar la configuración del dispositivo o explotar otras vulnerabilidades que requieran la autenticación como usuario administrativo. En el momento de la publicación del advisory, no se conoce ninguna explotación pública de la vulnerabilidad de seguridad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:scalance_m875_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"880C1489-FB3E-4697-A266-377A616C6EB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:scalance_m875:-:*:*:*:*:*:*:*","matchCriteriaId":"25AFAF4D-2485-4245-BF72-99C5EC471FF4"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf","source":"productcert@siemens.com","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}