CVE-2018-4851

Published: Jul 3, 2018Modified: Nov 21, 2024

8.2

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Exploitability: 3.9 / Impact: 4.2

Source: NVD

Description

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed.

Affected (2)

Products: Siemens: Siclock Tc400 Firmware, Siclock Tc100 Firmware

2 products

Siclock Tc400 Firmware

Siclock Tc100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc400 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc400	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc100 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc100	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/104672

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: productcert@siemens.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/104672

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.