Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-4841

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.

Published

2018-03-29T13:29:00.210

Last Modified

2024-11-21T04:07:33.813

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-303
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	tim_1531_irc_firmware	< 1.1	Yes
Hardware	siemens	tim_1531_irc	-	No

References

http://www.securityfocus.com/bid/103576 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103576 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)