cvelistv5 - cve-2018-4855

CVE-2018-4855 (GCVE-0-2018-4855)

Vulnerability from cvelistv5 – Published: 2018-07-03 14:00 – Updated: 2024-09-17 03:08

Summary

Severity ?

No CVSS data available.

CWE

CWE-311 - Missing Encryption of Sensitive Data

Assigner

siemens

References

URL

Tags

	http://www.securityfocus.com/bid/104672	vdb-entryx_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Siemens AG	SICLOCK TC100, SICLOCK TC400	Affected: SICLOCK TC100 : All versions Affected: SICLOCK TC400 : All versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104672",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104672"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SICLOCK TC100, SICLOCK TC400",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "SICLOCK TC100 : All versions"
            },
            {
              "status": "affected",
              "version": "SICLOCK TC400 : All versions"
            }
          ]
        }
      ],
      "datePublic": "2018-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-311",
              "description": "CWE-311: Missing Encryption of Sensitive Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-06T09:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "104672",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104672"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "DATE_PUBLIC": "2018-07-03T00:00:00",
          "ID": "CVE-2018-4855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SICLOCK TC100, SICLOCK TC400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SICLOCK TC100 : All versions"
                          },
                          {
                            "version_value": "SICLOCK TC400 : All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-311: Missing Encryption of Sensitive Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104672",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104672"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-4855",
    "datePublished": "2018-07-03T14:00:00Z",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-09-17T03:08:21.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"623964CC-A572-43D4-B1A8-728BBFDDCE80\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BCF92CE-8978-409E-B37B-B8CFBD070450\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DBC06E1-89FB-4A17-A144-EC08C55E3301\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF13B571-98B9-4632-A275-A835DDCB5AD1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en SICLOCK TC100 (todas las versiones) y SICLOCK TC400 (todas las versiones). Almacenamiento de contrase\\u00f1as sin cifrar en los archivos de configuraci\\u00f3n del cliente y durante la transmisi\\u00f3n por red podr\\u00eda permitir que un atacante en una posici\\u00f3n privilegiada para obtener acceso a las contrase\\u00f1as.\"}]",
      "id": "CVE-2018-4855",
      "lastModified": "2024-11-21T04:07:35.660",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-07-03T14:29:00.430",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104672\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104672\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-311\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-311\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4855\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2018-07-03T14:29:00.430\",\"lastModified\":\"2024-11-21T04:07:35.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SICLOCK TC100 (todas las versiones) y SICLOCK TC400 (todas las versiones). Almacenamiento de contrase\u00f1as sin cifrar en los archivos de configuraci\u00f3n del cliente y durante la transmisi\u00f3n por red podr\u00eda permitir que un atacante en una posici\u00f3n privilegiada para obtener acceso a las contrase\u00f1as.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623964CC-A572-43D4-B1A8-728BBFDDCE80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BCF92CE-8978-409E-B37B-B8CFBD070450\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DBC06E1-89FB-4A17-A144-EC08C55E3301\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF13B571-98B9-4632-A275-A835DDCB5AD1\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104672\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104672\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-4855

Vulnerability from fkie_nvd - Published: 2018-07-03 14:29 - Updated: 2024-11-21 04:07

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/104672	Third Party Advisory, VDB Entry
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104672	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	siclock_tc400_firmware	-
siemens	siclock_tc400	-
siemens	siclock_tc100_firmware	-
siemens	siclock_tc100	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "623964CC-A572-43D4-B1A8-728BBFDDCE80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BCF92CE-8978-409E-B37B-B8CFBD070450",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DBC06E1-89FB-4A17-A144-EC08C55E3301",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF13B571-98B9-4632-A275-A835DDCB5AD1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SICLOCK TC100 (todas las versiones) y SICLOCK TC400 (todas las versiones). Almacenamiento de contrase\u00f1as sin cifrar en los archivos de configuraci\u00f3n del cliente y durante la transmisi\u00f3n por red podr\u00eda permitir que un atacante en una posici\u00f3n privilegiada para obtener acceso a las contrase\u00f1as."
    }
  ],
  "id": "CVE-2018-4855",
  "lastModified": "2024-11-21T04:07:35.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-03T14:29:00.430",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104672"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201807-2191

Vulnerability from variot - Updated: 2023-12-18 12:01

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. SICLOCK TC100 and SICLOCK TC400 Contains an information disclosure vulnerability.Information may be obtained. The SICROCK product line offers components for synchronizing plant and system time. An information disclosure vulnerability exists in the Siemens SICLOCK TC product. An attacker can exploit the vulnerability to read the device's access password. A denial-of-Service vulnerability 2. An authentication-bypass vulnerability 3. A remote code-execution vulnerability 4. Multiple security-bypass vulnerabilities 5. An information-disclosure vulnerability Exploiting these issues could allow an attacker to bypass authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition. Both Siemens SICLOCK TC100 and SICLOCK TC400 are central clock products of Germany's Siemens (Siemens). This product can provide unified and accurate time information for all network nodes in the LAN

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2191",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "siclock tc100",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc400",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc100",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc400",
        "scope": null,
        "trust": 1.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "siclock tc400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "siclock tc100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "siclock tc400",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "siclock tc100",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "104672"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-4855",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-4855",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2018-12505",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "e2f66461-39ab-11e9-a686-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-134886",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4855",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4855",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-12505",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-164",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e2f66461-39ab-11e9-a686-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134886",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. SICLOCK TC100 and SICLOCK TC400 Contains an information disclosure vulnerability.Information may be obtained. The SICROCK product line offers components for synchronizing plant and system time. An information disclosure vulnerability exists in the Siemens SICLOCK TC product. An attacker can exploit the vulnerability to read the device\u0027s access password. A denial-of-Service vulnerability\n2. An authentication-bypass vulnerability\n3. A remote code-execution vulnerability\n4. Multiple security-bypass vulnerabilities\n5. An information-disclosure vulnerability\nExploiting these issues could allow an attacker to bypass authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition. Both Siemens SICLOCK TC100 and SICLOCK TC400 are central clock products of Germany\u0027s Siemens (Siemens). This product can provide unified and accurate time information for all network nodes in the LAN",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134886"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4855",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-197012",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "104672",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2F66461-39AB-11E9-A686-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-134886",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134886"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ]
  },
  "id": "VAR-201807-2191",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134886"
      }
    ],
    "trust": 1.52
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:01:27.247000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-197012",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
      },
      {
        "title": "Siemens SICLOCK TC Product Information Disclosure Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/133425"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-311",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/104672"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4855"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4855"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134886"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134886"
      },
      {
        "db": "BID",
        "id": "104672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-04T00:00:00",
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134886"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "BID",
        "id": "104672"
      },
      {
        "date": "2018-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "date": "2018-07-03T14:29:00.430000",
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134886"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "BID",
        "id": "104672"
      },
      {
        "date": "2018-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007862"
      },
      {
        "date": "2019-10-09T23:41:03.093000",
        "db": "NVD",
        "id": "CVE-2018-4855"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SICLOCK TC Product Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2f66461-39ab-11e9-a686-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12505"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-164"
      }
    ],
    "trust": 0.6
  }
}

GHSA-5879-3VJC-222G

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-03T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.",
  "id": "GHSA-5879-3vjc-222g",
  "modified": "2022-05-13T01:32:14Z",
  "published": "2022-05-13T01:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4855"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104672"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-4855

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4855

Aliases

CVE-2018-4855

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4855",
    "description": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.",
    "id": "GSD-2018-4855"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4855"
      ],
      "details": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.",
      "id": "GSD-2018-4855",
      "modified": "2023-12-13T01:22:28.061882Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "DATE_PUBLIC": "2018-07-03T00:00:00",
        "ID": "CVE-2018-4855",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SICLOCK TC100, SICLOCK TC400",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SICLOCK TC100 : All versions"
                        },
                        {
                          "version_value": "SICLOCK TC400 : All versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens AG"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-311: Missing Encryption of Sensitive Data"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104672",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104672"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-4855"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-311"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
            },
            {
              "name": "104672",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104672"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:41Z",
      "publishedDate": "2018-07-03T14:29Z"
    }
  }
}

CNVD-2018-12505

Vulnerability from cnvd - Published: 2018-07-04

Title

Siemens SICLOCK TC产品信息泄露漏洞

Description

SICROCK产品系列提供了用于同步工厂和系统时间的组件。 Siemens SICLOCK TC产品存在信息泄露漏洞。攻击者可利用漏洞读取设备的访问密码。

Severity

中

Patch Name

Siemens SICLOCK TC产品信息泄露漏洞的补丁

Patch Description

SICROCK产品系列提供了用于同步工厂和系统时间的组件。 Siemens SICLOCK TC产品存在信息泄露漏洞。攻击者可利用漏洞读取设备的访问密码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Impacted products

Name
['Siemens SICLOCK TC100', 'Siemens SICLOCK TC400']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4855"
    }
  },
  "description": "SICROCK\u4ea7\u54c1\u7cfb\u5217\u63d0\u4f9b\u4e86\u7528\u4e8e\u540c\u6b65\u5de5\u5382\u548c\u7cfb\u7edf\u65f6\u95f4\u7684\u7ec4\u4ef6\u3002\r\n\r\nSiemens SICLOCK TC\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bfb\u53d6\u8bbe\u5907\u7684\u8bbf\u95ee\u5bc6\u7801\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12505",
  "openTime": "2018-07-04",
  "patchDescription": "SICROCK\u4ea7\u54c1\u7cfb\u5217\u63d0\u4f9b\u4e86\u7528\u4e8e\u540c\u6b65\u5de5\u5382\u548c\u7cfb\u7edf\u65f6\u95f4\u7684\u7ec4\u4ef6\u3002\r\n\r\nSiemens SICLOCK TC\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bfb\u53d6\u8bbe\u5907\u7684\u8bbf\u95ee\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SICLOCK TC\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens SICLOCK TC100",
      "Siemens SICLOCK TC400"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-04",
  "title": "Siemens SICLOCK TC\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4855 (GCVE-0-2018-4855)

FKIE_CVE-2018-4855

VAR-201807-2191

GHSA-5879-3VJC-222G

GSD-2018-4855

CNVD-2018-12505

Tags

Sightings

Nomenclature