CVE-2018-4841

Published: Mar 29, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.

Affected (1)

Products: Siemens: Tim 1531 Irc Firmware

1 product

Tim 1531 Irc Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Tim 1531 Irc Firmware	Before 1.1

Running on/with	Platform Versions
Siemens Tim 1531 Irc	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References (4)

http://www.securityfocus.com/bid/103576

Source: productcert@siemens.com

Broken LinkThird Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Source: productcert@siemens.com

Vendor Advisory

http://www.securityfocus.com/bid/103576

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.