For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105051 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 | Patch Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2018-08-09T00:00:00
Updated: 2018-08-14T09:57:01
Reserved: 2018-05-01T00:00:00
Link: CVE-2018-10630
JSON object: View
NVD Information
Status : Modified
Published: 2018-08-10T19:29:00.240
Modified: 2019-10-09T23:32:57.383
Link: CVE-2018-10630
JSON object: View
Redhat Information
No data.