PT-2018-16569 · Siemens · Siclock Tc400+1

Published

2018-07-03

Updated

2019-10-09

CVE-2018-4851

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions SICLOCK TC100 (All versions) SICLOCK TC400 (All versions)

Description A vulnerability has been identified that could allow an attacker with network access to cause a Denial-of-Service condition by sending certain packets to the device. This could lead to potential reboots of the device and impact its core functionality. However, the time serving functionality recovers once time synchronization with GPS devices or other NTP servers is completed.

Recommendations For SICLOCK TC100, restrict network access to the device until a fix is available. For SICLOCK TC400, restrict network access to the device until a fix is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-20

Related Identifiers

CVE-2018-4851

Affected Products

Siclock Tc100

Siclock Tc400

PT-2018-16569 · Siemens · Siclock Tc400+1

CVE-2018-4851

Weakness Enumeration

Related Identifiers

Affected Products

References · 3