Lucene search

SiemensCVE-2018-4856

HistoryJul 03, 2018 - 2:29 p.m.

CVE-2018-4856

2018-07-0314:29:00

CWE-287

siemens

web.nvd.nist.gov

siclock

tc100

tc400

vulnerability

administrative access

management interface

lockout

nvd

cve-2018-4856

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device’s management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.

Affected configurations

Nvd

Node

siemenssiclock_tc400_firmwareMatch-

AND

siemenssiclock_tc400Match-

Node

siemenssiclock_tc100_firmwareMatch-

AND

siemenssiclock_tc100Match-

VendorProductVersionCPE
siemenssiclock_tc400_firmware-cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*
siemenssiclock_tc400-cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*
siemenssiclock_tc100_firmware-cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*
siemenssiclock_tc100-cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	siclock_tc400_firmware	-	cpe:2.3:o:siemens:siclock_tc400_firmware:-:::::::*
siemens	siclock_tc400	-	cpe:2.3:h:siemens:siclock_tc400:-:::::::*
siemens	siclock_tc100_firmware	-	cpe:2.3:o:siemens:siclock_tc100_firmware:-:::::::*
siemens	siclock_tc100	-	cpe:2.3:h:siemens:siclock_tc100:-:::::::*

CNA Affected

[
  {
    "product": "SICLOCK TC100, SICLOCK TC400",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SICLOCK TC100 : All versions"
      },
      {
        "status": "affected",
        "version": "SICLOCK TC400 : All versions"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104672

cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

Related for CVE-2018-4856