CVE-2018-4835 - OpenCVE

A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Telecontrol Server Basic

Configuration 1 [-]

cpe:2.3:a:siemens:telecontrol_server_basic:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/102894	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/102904	Third Party Advisory VDB Entry
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2018-01-25T00:00:00

Updated: 2018-02-03T10:57:01

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4835

JSON object: View

NVD Information

Status : Modified

Published: 2018-01-25T14:29:00.320

Modified: 2019-10-09T23:41:00.327

Link: CVE-2018-4835

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "TeleControl Server Basic", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions < V3.1"}]}], "datePublic": "2018-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-02-03T10:57:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}, {"name": "102894", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102894"}, {"name": "102904", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102904"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "DATE_PUBLIC": "2018-01-25T00:00:00", "ID": "CVE-2018-4835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TeleControl Server Basic", "version": {"version_data": [{"version_value": "All versions < V3.1"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287: Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}, {"name": "102894", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102894"}, {"name": "102904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102904"}]}}}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2018-4835", "datePublished": "2018-01-25T00:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2018-02-03T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:telecontrol_server_basic:*:*:*:*:*:*:*:*", "matchCriteriaId": "E31D80D0-A773-45F5-8155-43861100BC48", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en TeleControl Server Basic en versiones anteriores a la 3.1. Un atacante con acceso de red al puerto 8000/tcp de TeleControl Server Basic podr\u00eda evadir el mecanismo de autenticaci\u00f3n y leer informaci\u00f3n limitada."}], "id": "CVE-2018-4835", "lastModified": "2019-10-09T23:41:00.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-25T14:29:00.320", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102894"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102904"}, {"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "productcert@siemens.com", "type": "Secondary"}]}