Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to ICS-CERT - Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001

cve-2018-10630

Vulnerability from cvelistv5

Published

2018-08-10 19:00

Modified

2024-09-16 16:52

Severity ?

Summary

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/105051	vdb-entry, x_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01	x_refsource_MISC

Impacted products

▼	Vendor	Product
	ICS-CERT	Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105051",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105051"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001"
            }
          ]
        }
      ],
      "datePublic": "2018-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-14T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "105051",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105051"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-08-09T00:00:00",
          "ID": "CVE-2018-10630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105051",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105051"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-10630",
    "datePublished": "2018-08-10T19:00:00Z",
    "dateReserved": "2018-05-01T00:00:00",
    "dateUpdated": "2024-09-16T16:52:46.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}