Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cnvd-2018-01794
Vulnerability from cnvd
Title
Siemens DESIGO PX固件文件上传漏洞
Description
SIEMENS楼宇自控系统Desigo PX可编程自动化站提供灵活的解决方案,能够发出报警信号、基于时间的日志记录程序和趋势,可随时修改或扩展。
Siemens DESIGO PX固件存在文件上传漏洞,未经身份验证的远程攻击者利用该漏洞上传恶意固件。
Severity
高
VLAI Severity ?
Patch Name
Siemens DESIGO PX固件文件上传漏洞的补丁
Patch Description
SIEMENS楼宇自控系统Desigo PX可编程自动化站提供灵活的解决方案,能够发出报警信号、基于时间的日志记录程序和趋势,可随时修改或扩展。
Siemens DESIGO PX固件存在文件上传漏洞,未经身份验证的远程攻击者利用该漏洞上传恶意固件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页: https://www.siemens.com/cert/advisories
Reference
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf
Impacted products
| Name | ['Siemens Desigo Automation Controllers Compact PXC12/22/36-E.D <6.00.204', 'Siemens Desigo Automation Controllers Modular PXC00/50/100/200-E.D <6.00.204', 'Siemens Desigo Automation Controllers PXC00/64/128-U with Web module <6.00.204', 'Siemens Desigo Operator Unit PXM20-E <6.00.204'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-4834"
}
},
"description": "SIEMENS\u697c\u5b87\u81ea\u63a7\u7cfb\u7edfDesigo PX\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u7ad9\u63d0\u4f9b\u7075\u6d3b\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u80fd\u591f\u53d1\u51fa\u62a5\u8b66\u4fe1\u53f7\u3001\u57fa\u4e8e\u65f6\u95f4\u7684\u65e5\u5fd7\u8bb0\u5f55\u7a0b\u5e8f\u548c\u8d8b\u52bf\uff0c\u53ef\u968f\u65f6\u4fee\u6539\u6216\u6269\u5c55\u3002 \r\n\r\nSiemens DESIGO PX\u56fa\u4ef6\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u56fa\u4ef6\u3002",
"discovererName": "Can Demirel and Melih Berk Ek \u0327sio \u0306 glu",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a \r\nhttps://www.siemens.com/cert/advisories",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-01794",
"openTime": "2018-01-25",
"patchDescription": "SIEMENS\u697c\u5b87\u81ea\u63a7\u7cfb\u7edfDesigo PX\u53ef\u7f16\u7a0b\u81ea\u52a8\u5316\u7ad9\u63d0\u4f9b\u7075\u6d3b\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u80fd\u591f\u53d1\u51fa\u62a5\u8b66\u4fe1\u53f7\u3001\u57fa\u4e8e\u65f6\u95f4\u7684\u65e5\u5fd7\u8bb0\u5f55\u7a0b\u5e8f\u548c\u8d8b\u52bf\uff0c\u53ef\u968f\u65f6\u4fee\u6539\u6216\u6269\u5c55\u3002 \r\n\r\nSiemens DESIGO PX\u56fa\u4ef6\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u56fa\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens DESIGO PX\u56fa\u4ef6\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Desigo Automation Controllers Compact PXC12/22/36-E.D \u003c6.00.204",
"Siemens Desigo Automation Controllers Modular PXC00/50/100/200-E.D \u003c6.00.204",
"Siemens Desigo Automation Controllers PXC00/64/128-U with Web module \u003c6.00.204",
"Siemens Desigo Operator Unit PXM20-E \u003c6.00.204"
]
},
"referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf",
"serverity": "\u9ad8",
"submitTime": "2018-01-25",
"title": "Siemens DESIGO PX\u56fa\u4ef6\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}
CVE-2018-4834 (GCVE-0-2018-4834)
Vulnerability from cvelistv5
Published
2018-01-24 16:00
Modified
2024-09-17 01:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Desigo PXC00-E.D V4.10 |
Version: All versions < V4.10.111 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Desigo PXC00-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00/64/128-U V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111 only with web module"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00/64/128-U V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171 only with web module"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00/64/128-U V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69 only with web module"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC00/64/128-U V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204 only with web module"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC001-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC001-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC001-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC001-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC100-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC100-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC100-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC100-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC12-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC12-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC12-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC12-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC200-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC200-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC200-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC200-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22.1-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22.1-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22.1-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC22.1-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC36.1-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC36.1-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC36.1-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC36.1-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC50-E.D V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC50-E.D V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC50-E.D V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXC50-E.D V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXM20-E V4.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.10.111"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXM20-E V5.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.0.171"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXM20-E V5.10",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.10.69"
}
]
},
{
"defaultStatus": "unknown",
"product": "Desigo PXM20-E V6.00",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.0.204"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC00-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC00-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC00-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions \u003c V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions \u003c V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions \u003c V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions \u003c V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC001-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC001-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC001-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC100-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC100-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC100-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC100-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC12-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC12-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC12-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC12-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC200-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC200-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC200-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC200-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC22-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC22-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC22-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC22-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC50-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC50-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC50-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC50-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXM20-E V4.10 (All versions \u003c V4.10.111), Desigo PXM20-E V5.00 (All versions \u003c V5.0.171), Desigo PXM20-E V5.10 (All versions \u003c V5.10.69), Desigo PXM20-E V6.00 (All versions \u003c V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:16:45.726Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-4834",
"datePublished": "2018-01-24T16:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-17T01:35:52.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…