CVE-2018-4852

Published: Jul 3, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.

Affected (2)

Products: Siemens: Siclock Tc400 Firmware, Siclock Tc100 Firmware

2 products

Siclock Tc400 Firmware

Siclock Tc100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc400 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc400	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc100 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc100	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (4)

http://www.securityfocus.com/bid/104672

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: productcert@siemens.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/104672

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.