The vulnerability has been assigned the following identifier: CVE-2018-10877. It is recommended to upgrade to the latest version. In case the IP address has been changed, it is necessary to change it back after the upgrade.

VENDORS: In case you use the IP address management feature, make sure to check the newly assigned IP addresses as soon as possible after upgrading the software. This will prevent possible security issues caused by insecurely configured devices.

What is the Cisco IOS Software Doodle?

The Cisco IOS Software Doodle is a small animated image that changes periodically to display a message about the status of your network. This article will introduce you to the Cisco IOS Software Doodle and how it can be used in different scenarios, providing you with tips on how to increase its effectiveness.

Summary

A quick summary of the most important points to update after upgrading the software.
VENDORS: In case you use the IP address management feature, make sure to check the newly assigned IP addresses as soon as possible after upgrading the software. This will prevent possible security issues caused by insecurely configured devices.
Upgrade to the latest version.

HTTP Response Splitting (Misty)

A vulnerability found in the HTTP response splitting technology of certain versions of Siemens WinCC software has been announced. The vulnerability allows an attacker to manipulate a URL and cause an HTTP response splitting attack, which may lead to data exposure and other security vulnerabilities. The vulnerability is classified as critical, and it has been given the identifier CVE-2018-10877. To resolve this issue, it is necessary to upgrade the software.

The following steps must be taken:

1) Check if the installed version of WinCC is affected by this vulnerability:
2) Upgrade the software:
3) Re-check if the installed version of WinCC is still affected by this vulnerability:
4) If so, discontinue using the system until a solution has been found.

Software version

: 9.0.4

9.0.4 is the software version for this vulnerability and it was resolved on April 25th, 2018.

Timeline

Published on: 10/11/2022 11:15:00 UTC
Last modified on: 10/12/2022 13:32:00 UTC

References