ID

VAR-201807-2187


CVE

CVE-2018-4851


TITLE

Siemens SICLOCK TC Product Denial of Service Vulnerability

Trust: 0.8

sources: IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1 // CNVD: CNVD-2018-12501

DESCRIPTION

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers is completed.

SICLOCK TC100 and SICLOCK TC400 contain an input validation vulnerability. Information may be tampered with and service operations may be disrupted (DoS).

The SICLOCK product line offers components for synchronizing plant and system time. A denial of service vulnerability exists in the Siemens SICLOCK TC product.

1. A denial-of-service vulnerability
2. An authentication-bypass vulnerability
3. A remote code-execution vulnerability
4. Multiple security-bypass vulnerabilities
5. An information-disclosure vulnerability

Exploiting these issues could allow an attacker to bypass authentication mechanisms, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition.

Both Siemens SICLOCK TC100 and SICLOCK TC400 are central clock products from Siemens of Germany. This product can provide unified and accurate time information for all network nodes in the LAN.

Trust: 2.7

sources: NVD: CVE-2018-4851 // JVNDB: JVNDB-2018-007254 // CNVD: CNVD-2018-12501 // BID: 104672 // IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1 // VULHUB: VHN-134882

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1 // CNVD: CNVD-2018-12501

AFFECTED PRODUCTS

vendor: siemens, model: siclock tc400, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: siclock tc100, scope: eq, version: -

Trust: 1.6

vendor: siemens, model: siclock tc100, scope: -, version: -

Trust: 1.4

vendor: siemens, model: siclock tc400, scope: -, version: -

Trust: 1.4

vendor: siemens, model: siclock tc400, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: siclock tc100, scope: eq, version: 0

Trust: 0.3

vendor: siclock tc400, model: -, scope: eq, version: -

Trust: 0.2

vendor: siclock tc100, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1 // CNVD: CNVD-2018-12501 // BID: 104672 // JVNDB: JVNDB-2018-007254 // CNNVD: CNNVD-201807-168 // NVD: CVE-2018-4851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4851
value: HIGH

Trust: 1.0

NVD: CVE-2018-4851
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-12501
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-168
value: HIGH

Trust: 0.6

IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-134882
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4851
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12501
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-134882
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4851
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1 // CNVD: CNVD-2018-12501 // VULHUB: VHN-134882 // JVNDB: JVNDB-2018-007254 // CNNVD: CNNVD-201807-168 // NVD: CVE-2018-4851

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

problemtype: CWE-399

Trust: 1.0

sources: VULHUB: VHN-134882 // JVNDB: JVNDB-2018-007254 // NVD: CVE-2018-4851

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-168

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1 // CNNVD: CNNVD-201807-168

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007254

PATCH

title: SSA-197012, url: https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Trust: 0.8

title: Siemens SICLOCK TC Product Denial of Service Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/133415

Trust: 0.6

sources: CNVD: CNVD-2018-12501 // JVNDB: JVNDB-2018-007254

EXTERNAL IDS

db: NVD, id: CVE-2018-4851

Trust: 3.6

db: SIEMENS, id: SSA-197012

Trust: 2.6

db: BID, id: 104672

Trust: 2.0

db: CNNVD, id: CNNVD-201807-168

Trust: 0.9

db: CNVD, id: CNVD-2018-12501

Trust: 0.8

db: JVNDB, id: JVNDB-2018-007254

Trust: 0.8

db: IVD, id: E2F61641-39AB-11E9-A0A0-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-134882

Trust: 0.1

sources: IVD: e2f61641-39ab-11e9-a0a0-000c29342cb1 // CNVD: CNVD-2018-12501 // VULHUB: VHN-134882 // BID: 104672 // JVNDB: JVNDB-2018-007254 // CNNVD: CNNVD-201807-168 // NVD: CVE-2018-4851

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Trust: 2.6

url: http://www.securityfocus.com/bid/104672

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4851

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-4851

Trust: 0.8

url: http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-12501 // VULHUB: VHN-134882 // BID: 104672 // JVNDB: JVNDB-2018-007254 // CNNVD: CNNVD-201807-168 // NVD: CVE-2018-4851

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104672

SOURCES

db: IVD, id: e2f61641-39ab-11e9-a0a0-000c29342cb1
db: CNVD, id: CNVD-2018-12501
db: VULHUB, id: VHN-134882
db: BID, id: 104672
db: JVNDB, id: JVNDB-2018-007254
db: CNNVD, id: CNNVD-201807-168
db: NVD, id: CVE-2018-4851

LAST UPDATE DATE

2024-11-23T22:17:24.670000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-12501, date: 2018-07-04T00:00:00
db: VULHUB, id: VHN-134882, date: 2019-10-09T00:00:00
db: BID, id: 104672, date: 2018-07-03T00:00:00
db: JVNDB, id: JVNDB-2018-007254, date: 2018-09-12T00:00:00
db: CNNVD, id: CNNVD-201807-168, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-4851, date: 2024-11-21T04:07:35.133

SOURCES RELEASE DATE

db: IVD, id: e2f61641-39ab-11e9-a0a0-000c29342cb1, date: 2018-07-04T00:00:00
db: CNVD, id: CNVD-2018-12501, date: 2018-07-04T00:00:00
db: VULHUB, id: VHN-134882, date: 2018-07-03T00:00:00
db: BID, id: 104672, date: 2018-07-03T00:00:00
db: JVNDB, id: JVNDB-2018-007254, date: 2018-09-12T00:00:00
db: CNNVD, id: CNNVD-201807-168, date: 2018-07-04T00:00:00
db: NVD, id: CVE-2018-4851, date: 2018-07-03T14:29:00.227