CVE-2018-4855

Published: Jul 3, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.

Affected (2)

Products: Siemens: Siclock Tc400 Firmware, Siclock Tc100 Firmware

2 products

Siclock Tc400 Firmware

Siclock Tc100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc400 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc400	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc100 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc100	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (4)

http://www.securityfocus.com/bid/104672

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: productcert@siemens.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/104672

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.