CVE-2018-4854

2018-07-0314:00:00

CWE-306

siemens

www.cve.org

AI Score

8.8

Confidence

High

EPSS

0.003

Percentile

67.8%

JSON

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.

CNA Affected

[
  {
    "product": "SICLOCK TC100, SICLOCK TC400",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SICLOCK TC100 : All versions"
      },
      {
        "status": "affected",
        "version": "SICLOCK TC400 : All versions"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104672

cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf