CVE-2018-4856

Published: Jul 3, 2018Modified: Nov 21, 2024

4.9

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.

Affected (2)

Products: Siemens: Siclock Tc400 Firmware, Siclock Tc100 Firmware

2 products

Siclock Tc400 Firmware

Siclock Tc100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc400 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc400	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Siclock Tc100 Firmware	All versions

Running on/with	Platform Versions
Siemens Siclock Tc100	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.securityfocus.com/bid/104672

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: productcert@siemens.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/104672

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.