4.9

CVE-2018-4856

EPSS 0.23%
Published 03.07.2018 14:29:00
Last modified 21.11.2024 04:07:35
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Siclock Tc400 Firmware Version-

Siemens ≫ Siclock Tc400 Version-

Siemens ≫ Siclock Tc100 Firmware Version-

Siemens ≫ Siclock Tc100 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.431

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/104672

Third Party Advisory

VDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-4856

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-4856

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-4856

EUVD