Sign-up

ID

VAR-201807-2188


CVE

CVE-2018-4852


TITLE

SICLOCK TC100 and SICLOCK TC400 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007859

DESCRIPTION

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device. SICLOCK TC100 and SICLOCK TC400 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SICROCK product line offers components for synchronizing plant and system time. The Siemens SICLOCK TC product has a bypass certification vulnerability. Allows an attacker to read and modify device configuration. Siemens SICLOCK TC Devices are prone to the following multiple security vulnerabilities: 1. A denial-of-Service vulnerability 2. An authentication-bypass vulnerability 3. A remote code-execution vulnerability 4. Multiple security-bypass vulnerabilities 5. Failed exploits can result in a denial-of-service condition. Both Siemens SICLOCK TC100 and SICLOCK TC400 are central clock products of Germany's Siemens (Siemens). This product can provide unified and accurate time information for all network nodes in the LAN. A security vulnerability exists in Siemens SICLOCK TC100 and SICLOCK TC400

Trust: 2.79

sources: NVD: CVE-2018-4852 // JVNDB: JVNDB-2018-007859 // CNVD: CNVD-2018-12502 // BID: 104672 // IVD: e2f63d50-39ab-11e9-92da-000c29342cb1 // VULHUB: VHN-134883 // VULMON: CVE-2018-4852

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f63d50-39ab-11e9-92da-000c29342cb1 // CNVD: CNVD-2018-12502

AFFECTED PRODUCTS

vendor:siemensmodel:siclock tc400scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:siclock tc100scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:siclock tc100scope: - version: -

Trust: 1.4

vendor:siemensmodel:siclock tc400scope: - version: -

Trust: 1.4

vendor:siemensmodel:siclock tc400scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:siclock tc100scope:eqversion:0

Trust: 0.3

vendor:siclock tc400model: - scope:eqversion: -

Trust: 0.2

vendor:siclock tc100model: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2f63d50-39ab-11e9-92da-000c29342cb1 // CNVD: CNVD-2018-12502 // BID: 104672 // JVNDB: JVNDB-2018-007859 // CNNVD: CNNVD-201807-167 // NVD: CVE-2018-4852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4852
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4852
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-12502
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-167
value: CRITICAL

Trust: 0.6

IVD: e2f63d50-39ab-11e9-92da-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-134883
value: HIGH

Trust: 0.1

VULMON: CVE-2018-4852
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4852
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-12502
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f63d50-39ab-11e9-92da-000c29342cb1
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-134883
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4852
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f63d50-39ab-11e9-92da-000c29342cb1 // CNVD: CNVD-2018-12502 // VULHUB: VHN-134883 // VULMON: CVE-2018-4852 // JVNDB: JVNDB-2018-007859 // CNNVD: CNNVD-201807-167 // NVD: CVE-2018-4852

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

problemtype:CWE-288

Trust: 1.0

sources: VULHUB: VHN-134883 // JVNDB: JVNDB-2018-007859 // NVD: CVE-2018-4852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-167

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201807-167

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007859

PATCH
title:SSA-197012url:https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Trust: 0.8
title:Siemens SICLOCK TC products bypass the patch for certification vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/133419
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12502 // 
            
            
            
            JVNDB: JVNDB-2018-007859

EXTERNAL IDS
db:NVDid:CVE-2018-4852
Trust: 3.7
db:SIEMENSid:SSA-197012
Trust: 2.7
db:BIDid:104672
Trust: 2.1
db:CNNVDid:CNNVD-201807-167
Trust: 0.9
db:CNVDid:CNVD-2018-12502
Trust: 0.8
db:JVNDBid:JVNDB-2018-007859
Trust: 0.8
db:IVDid:E2F63D50-39AB-11E9-92DA-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-134883
Trust: 0.1
db:VULMONid:CVE-2018-4852
Trust: 0.1
sources:
            
            
            IVD: e2f63d50-39ab-11e9-92da-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-12502 // 
            
            
            
            VULHUB: VHN-134883 // 
            
            
            
            VULMON: CVE-2018-4852 // 
            
            
            
            BID: 104672 // 
            
            
            
            JVNDB: JVNDB-2018-007859 // 
            
            
            
            CNNVD: CNNVD-201807-167 // 
            
            
            
            NVD: CVE-2018-4852

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Trust: 2.7
url:http://www.securityfocus.com/bid/104672
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4852
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4852
Trust: 0.8
url:http://www.siemens.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/145773
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12502 // 
            
            
            
            VULHUB: VHN-134883 // 
            
            
            
            VULMON: CVE-2018-4852 // 
            
            
            
            BID: 104672 // 
            
            
            
            JVNDB: JVNDB-2018-007859 // 
            
            
            
            CNNVD: CNNVD-201807-167 // 
            
            
            
            NVD: CVE-2018-4852

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 104672

SOURCES
db:IVDid:e2f63d50-39ab-11e9-92da-000c29342cb1
db:CNVDid:CNVD-2018-12502
db:VULHUBid:VHN-134883
db:VULMONid:CVE-2018-4852
db:BIDid:104672
db:JVNDBid:JVNDB-2018-007859
db:CNNVDid:CNNVD-201807-167
db:NVDid:CVE-2018-4852

LAST UPDATE DATE
2024-11-23T22:17:24.507000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12502date:2018-07-04T00:00:00
db:VULHUBid:VHN-134883date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-4852date:2019-10-09T00:00:00
db:BIDid:104672date:2018-07-03T00:00:00
db:JVNDBid:JVNDB-2018-007859date:2018-09-28T00:00:00
db:CNNVDid:CNNVD-201807-167date:2019-10-17T00:00:00
db:NVDid:CVE-2018-4852date:2024-11-21T04:07:35.270

SOURCES RELEASE DATE
db:IVDid:e2f63d50-39ab-11e9-92da-000c29342cb1date:2018-07-04T00:00:00
db:CNVDid:CNVD-2018-12502date:2018-07-04T00:00:00
db:VULHUBid:VHN-134883date:2018-07-03T00:00:00
db:VULMONid:CVE-2018-4852date:2018-07-03T00:00:00
db:BIDid:104672date:2018-07-03T00:00:00
db:JVNDBid:JVNDB-2018-007859date:2018-09-28T00:00:00
db:CNNVDid:CNNVD-201807-167date:2018-07-04T00:00:00
db:NVDid:CVE-2018-4852date:2018-07-03T14:29:00.290