cvelistv5 - cve-2018-4852

CVE-2018-4852 (GCVE-0-2018-4852)

Vulnerability from cvelistv5 – Published: 2018-07-03 14:00 – Updated: 2024-09-17 03:07

Summary

Severity ?

No CVSS data available.

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

siemens

References

URL

Tags

	http://www.securityfocus.com/bid/104672	vdb-entryx_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Siemens AG	SICLOCK TC100, SICLOCK TC400	Affected: SICLOCK TC100 : All versions Affected: SICLOCK TC400 : All versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104672",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104672"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SICLOCK TC100, SICLOCK TC400",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "SICLOCK TC100 : All versions"
            },
            {
              "status": "affected",
              "version": "SICLOCK TC400 : All versions"
            }
          ]
        }
      ],
      "datePublic": "2018-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T09:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "104672",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104672"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "DATE_PUBLIC": "2018-07-03T00:00:00",
          "ID": "CVE-2018-4852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SICLOCK TC100, SICLOCK TC400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SICLOCK TC100 : All versions"
                          },
                          {
                            "version_value": "SICLOCK TC400 : All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104672",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104672"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-4852",
    "datePublished": "2018-07-03T14:00:00Z",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-09-17T03:07:34.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"623964CC-A572-43D4-B1A8-728BBFDDCE80\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BCF92CE-8978-409E-B37B-B8CFBD070450\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DBC06E1-89FB-4A17-A144-EC08C55E3301\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF13B571-98B9-4632-A275-A835DDCB5AD1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en SICLOCK TC100 (todas las versiones) y SICLOCK TC400 (todas las versiones). Un atacante con acceso de red al dispositivo podr\\u00eda omitir el mecanismo de autenticaci\\u00f3n si dicho atacante puede obtener informaci\\u00f3n espec\\u00edfica del dispositivo atacado.\"}]",
      "id": "CVE-2018-4852",
      "lastModified": "2024-11-21T04:07:35.270",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-03T14:29:00.290",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104672\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104672\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4852\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2018-07-03T14:29:00.290\",\"lastModified\":\"2024-11-21T04:07:35.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SICLOCK TC100 (todas las versiones) y SICLOCK TC400 (todas las versiones). Un atacante con acceso de red al dispositivo podr\u00eda omitir el mecanismo de autenticaci\u00f3n si dicho atacante puede obtener informaci\u00f3n espec\u00edfica del dispositivo atacado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623964CC-A572-43D4-B1A8-728BBFDDCE80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BCF92CE-8978-409E-B37B-B8CFBD070450\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DBC06E1-89FB-4A17-A144-EC08C55E3301\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF13B571-98B9-4632-A275-A835DDCB5AD1\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104672\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104672\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2018-4852

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4852

Aliases

CVE-2018-4852

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4852",
    "description": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.",
    "id": "GSD-2018-4852"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4852"
      ],
      "details": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.",
      "id": "GSD-2018-4852",
      "modified": "2023-12-13T01:22:28.381797Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "DATE_PUBLIC": "2018-07-03T00:00:00",
        "ID": "CVE-2018-4852",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SICLOCK TC100, SICLOCK TC400",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SICLOCK TC100 : All versions"
                        },
                        {
                          "version_value": "SICLOCK TC400 : All versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens AG"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104672",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104672"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-4852"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
            },
            {
              "name": "104672",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104672"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:41Z",
      "publishedDate": "2018-07-03T14:29Z"
    }
  }
}

VAR-201807-2188

Vulnerability from variot - Updated: 2023-12-18 12:01

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device. SICLOCK TC100 and SICLOCK TC400 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SICROCK product line offers components for synchronizing plant and system time. The Siemens SICLOCK TC product has a bypass certification vulnerability. Allows an attacker to read and modify device configuration. Siemens SICLOCK TC Devices are prone to the following multiple security vulnerabilities: 1. A denial-of-Service vulnerability 2. An authentication-bypass vulnerability 3. A remote code-execution vulnerability 4. Multiple security-bypass vulnerabilities 5. Failed exploits can result in a denial-of-service condition. Both Siemens SICLOCK TC100 and SICLOCK TC400 are central clock products of Germany's Siemens (Siemens). This product can provide unified and accurate time information for all network nodes in the LAN. A security vulnerability exists in Siemens SICLOCK TC100 and SICLOCK TC400

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2188",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "siclock tc100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc400",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc100",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc400",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "siclock tc100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "siclock tc400",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "siclock tc100",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "104672"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-4852",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-4852",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2018-12502",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "e2f63d50-39ab-11e9-92da-000c29342cb1",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-134883",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4852",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4852",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-12502",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-167",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e2f63d50-39ab-11e9-92da-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134883",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-4852",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device. SICLOCK TC100 and SICLOCK TC400 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SICROCK product line offers components for synchronizing plant and system time. The Siemens SICLOCK TC product has a bypass certification vulnerability. Allows an attacker to read and modify device configuration. Siemens SICLOCK TC Devices are prone to the following multiple security vulnerabilities:\n1. A denial-of-Service vulnerability\n2. An authentication-bypass vulnerability\n3. A remote code-execution vulnerability\n4. Multiple security-bypass vulnerabilities\n5. Failed exploits can result in a denial-of-service condition. Both Siemens SICLOCK TC100 and SICLOCK TC400 are central clock products of Germany\u0027s Siemens (Siemens). This product can provide unified and accurate time information for all network nodes in the LAN. A security vulnerability exists in Siemens SICLOCK TC100 and SICLOCK TC400",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4852"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4852",
        "trust": 3.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-197012",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "104672",
        "trust": 2.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2F63D50-39AB-11E9-92DA-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-134883",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4852",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4852"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ]
  },
  "id": "VAR-201807-2188",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134883"
      }
    ],
    "trust": 1.52
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:01:27.393000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-197012",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
      },
      {
        "title": "Siemens SICLOCK TC products bypass the patch for certification vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/133419"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/104672"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4852"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4852"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145773"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4852"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4852"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-04T00:00:00",
        "db": "IVD",
        "id": "e2f63d50-39ab-11e9-92da-000c29342cb1"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4852"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "BID",
        "id": "104672"
      },
      {
        "date": "2018-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "date": "2018-07-03T14:29:00.290000",
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12502"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134883"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4852"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "BID",
        "id": "104672"
      },
      {
        "date": "2018-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      },
      {
        "date": "2019-10-09T23:41:02.640000",
        "db": "NVD",
        "id": "CVE-2018-4852"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SICLOCK TC100 and  SICLOCK TC400 Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007859"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-167"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2018-12502

Vulnerability from cnvd - Published: 2018-07-04

Title

Siemens SICLOCK TC产品绕过认证漏洞

Description

SICROCK产品系列提供了用于同步工厂和系统时间的组件。 Siemens SICLOCK TC产品存在绕过认证漏洞。允许攻击者进行读取和修改设备配置。

Severity

高

Patch Name

Siemens SICLOCK TC产品绕过认证漏洞的补丁

Patch Description

SICROCK产品系列提供了用于同步工厂和系统时间的组件。 Siemens SICLOCK TC产品存在绕过认证漏洞。允许攻击者进行读取和修改设备配置。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Impacted products

Name
['Siemens SICLOCK TC100', 'Siemens SICLOCK TC400']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4852"
    }
  },
  "description": "SICROCK\u4ea7\u54c1\u7cfb\u5217\u63d0\u4f9b\u4e86\u7528\u4e8e\u540c\u6b65\u5de5\u5382\u548c\u7cfb\u7edf\u65f6\u95f4\u7684\u7ec4\u4ef6\u3002\r\n\r\nSiemens SICLOCK TC\u4ea7\u54c1\u5b58\u5728\u7ed5\u8fc7\u8ba4\u8bc1\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u8fdb\u884c\u8bfb\u53d6\u548c\u4fee\u6539\u8bbe\u5907\u914d\u7f6e\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12502",
  "openTime": "2018-07-04",
  "patchDescription": "SICROCK\u4ea7\u54c1\u7cfb\u5217\u63d0\u4f9b\u4e86\u7528\u4e8e\u540c\u6b65\u5de5\u5382\u548c\u7cfb\u7edf\u65f6\u95f4\u7684\u7ec4\u4ef6\u3002\r\n\r\nSiemens SICLOCK TC\u4ea7\u54c1\u5b58\u5728\u7ed5\u8fc7\u8ba4\u8bc1\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u8fdb\u884c\u8bfb\u53d6\u548c\u4fee\u6539\u8bbe\u5907\u914d\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SICLOCK TC\u4ea7\u54c1\u7ed5\u8fc7\u8ba4\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SICLOCK TC100",
      "Siemens SICLOCK TC400"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-04",
  "title": "Siemens SICLOCK TC\u4ea7\u54c1\u7ed5\u8fc7\u8ba4\u8bc1\u6f0f\u6d1e"
}

FKIE_CVE-2018-4852

Vulnerability from fkie_nvd - Published: 2018-07-03 14:29 - Updated: 2024-11-21 04:07

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/104672	Third Party Advisory, VDB Entry
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104672	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	siclock_tc400_firmware	-
siemens	siclock_tc400	-
siemens	siclock_tc100_firmware	-
siemens	siclock_tc100	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "623964CC-A572-43D4-B1A8-728BBFDDCE80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BCF92CE-8978-409E-B37B-B8CFBD070450",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DBC06E1-89FB-4A17-A144-EC08C55E3301",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF13B571-98B9-4632-A275-A835DDCB5AD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SICLOCK TC100 (todas las versiones) y SICLOCK TC400 (todas las versiones). Un atacante con acceso de red al dispositivo podr\u00eda omitir el mecanismo de autenticaci\u00f3n si dicho atacante puede obtener informaci\u00f3n espec\u00edfica del dispositivo atacado."
    }
  ],
  "id": "CVE-2018-4852",
  "lastModified": "2024-11-21T04:07:35.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T14:29:00.290",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104672"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-288"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-25MM-W8QR-QM89

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-03T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.",
  "id": "GHSA-25mm-w8qr-qm89",
  "modified": "2022-05-13T01:32:14Z",
  "published": "2022-05-13T01:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4852"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104672"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4852 (GCVE-0-2018-4852)

GSD-2018-4852

VAR-201807-2188

CNVD-2018-12502

FKIE_CVE-2018-4852

GHSA-25MM-W8QR-QM89

Tags

Sightings

Nomenclature