CVE-2018-10630
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
In Crestron TSW-X60 versions prior to 2.001.0037.001 and MC3 versions prior to 1.502.0047.001, the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, access to the CTP console is left open.
Affected (2)
Products: Crestron: Tsw X60 Firmware, Mc3 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Crestron Tsw X60 Firmware | Before 2.001.0037.001 |

| Running on/with | Platform Versions |
|---|---|
| Crestron Tsw 1060 B S | All versions |
| Crestron Tsw 1060 Nc B S | All versions |
| Crestron Tsw 1060 Nc W S | All versions |
| Crestron Tsw 1060 W S | All versions |
| Crestron Tsw 560 B S | All versions |
| Crestron Tsw 560 Nc B S | All versions |
| Crestron Tsw 560 Nc W S | All versions |
| Crestron Tsw 560 W S | All versions |
| Crestron Tsw 760 B S | All versions |
| Crestron Tsw 760 Nc B S | All versions |
| Crestron Tsw 760 Nc W S | All versions |
| Crestron Tsw 760 W S | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Crestron Mc3 Firmware | Before 1.502.0047.001 |

| Running on/with | Platform Versions |
|---|---|
| Crestron Mc3 | All versions |
Related CWEs
References (4)
Source: ics-cert@hq.dhs.gov
Patch, Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Third Party Advisory, US Government Resource