PT-2018-16573 · Siemens · Siclock Tc400+1
Publicado
2018-07-03
·
Atualizado
2019-10-09
·
CVE-2018-4855
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SICLOCK TC100 (All versions)
SICLOCK TC400 (All versions)
Description
A vulnerability has been identified that involves the unencrypted storage of passwords in client configuration files and during network transmission. This could allow an attacker in a privileged position to obtain access passwords.
Recommendations
For SICLOCK TC100, consider encrypting passwords in client configuration files and securing network transmission to prevent unauthorized access.
For SICLOCK TC400, consider encrypting passwords in client configuration files and securing network transmission to prevent unauthorized access.
As a temporary workaround, consider restricting access to the client configuration files and network transmission to minimize the risk of exploitation.
Correção
Missing Encryption of Sensitive Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Siclock Tc100
Siclock Tc400