PT-2018-16572 · Siemens · Siclock Tc400+1
Published: 2018-07-03 · Updated: 2019-10-09
CVE-2018-4854
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SICLOCK TC100 (All versions)
SICLOCK TC400 (All versions)
Description
A vulnerability has been identified that allows an attacker with network access to port 69/udp to modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, the attacker could obtain code execution on the client system.
Recommendations
For SICLOCK TC100, restrict access to port 69/udp to minimize the risk of exploitation.
For SICLOCK TC400, restrict access to port 69/udp to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Siclock Tc100
Siclock Tc400