CVE-2018-4856 - A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions)

CVE-2018-4856

Summary

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.

References

Vulnerable Configurations

cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 09-10-2019 - 23:41)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

bid	104672
confirm	https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Last major update

09-10-2019 - 23:41

Published

03-07-2018 - 14:29

Last modified

09-10-2019 - 23:41