PT-2018-16573 · Siemens · Siclock Tc400+1
Published
2018-07-03
·
Updated
2019-10-09
·
CVE-2018-4855
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SICLOCK TC100 (All versions)
SICLOCK TC400 (All versions)
Description
A vulnerability has been identified that involves the unencrypted storage of passwords in client configuration files and during network transmission. This could allow an attacker in a privileged position to obtain access passwords.
Recommendations
For SICLOCK TC100, consider encrypting passwords in client configuration files and securing network transmission to prevent unauthorized access.
For SICLOCK TC400, consider encrypting passwords in client configuration files and securing network transmission to prevent unauthorized access.
As a temporary workaround, consider restricting access to the client configuration files and network transmission to minimize the risk of exploitation.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Siclock Tc100
Siclock Tc400