6.5

CVE-2018-4855

EPSS 0.14%
Veröffentlicht 03.07.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 04:07:35
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Siclock Tc400 Firmware Version-

Siemens ≫ Siclock Tc400 Version-

Siemens ≫ Siclock Tc100 Firmware Version-

Siemens ≫ Siclock Tc100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.31

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

http://www.securityfocus.com/bid/104672

Third Party Advisory

VDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-4855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-4855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-4855

EUVD