SiemensCVE-2018-4855CVE-2018-4855
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
44.9%
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | siclock_tc400_firmware | - | cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:* |
| siemens | siclock_tc400 | - | cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:* |
| siemens | siclock_tc100_firmware | - | cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:* |
| siemens | siclock_tc100 | - | cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "SICLOCK TC100, SICLOCK TC400",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "SICLOCK TC100 : All versions"
},
{
"status": "affected",
"version": "SICLOCK TC400 : All versions"
}
]
}
]Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
44.9%