PT-2018-1120 · Siemens · Tim 1531 Irc

Published: 2018-03-27 · Updated: 2023-03-24 · CVE-2018-4841

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TIM 1531 IRC versions prior to V1.1

Description

A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow the attacker to cause a denial of service, or to read and manipulate data as well as configuration settings of the affected device. The issue is related to the incorrect implementation of the authentication algorithm. At the time of publishing this security advisory, no public exploitation is known.

Recommendations

For versions prior to V1.1, Siemens provides mitigations to resolve the issue. As a temporary workaround, consider restricting access to ports 80/tcp and 443/tcp until a patch is available.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2018-00541
CVE-2018-4841

Affected Products

Tim 1531 Irc