GCVE - cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor	Westermo (`f47ec0f3-f645-57e9-881c-edbca94542ff`)
Product	Mrd 455 Din Firmware (`18ef0561-ce9f-5637-b00b-d0841de6b7dd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-12709`	vulnerable	2026-06-03 14:36:36.580358	Details available A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. Published: 2017-08-25T16:00:00.000Z Updated: 2024-08-05T18:43:56.442Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01 http://www.securityfocus.com/bid/100470	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12703`	vulnerable	2026-06-03 14:36:36.572892	Details available A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. Published: 2017-08-25T16:00:00.000Z Updated: 2024-08-05T18:43:56.419Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01 http://www.securityfocus.com/bid/100470	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5816`	vulnerable	2026-06-03 14:35:55.982958	Details available A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. Published: 2017-08-25T16:00:00.000Z Updated: 2024-08-06T01:15:10.654Z Open on db.gcve.eu Reference links https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.