Details of VAR-201807-2189

ID

VAR-201807-2189

CVE

CVE-2018-4853

TITLE

SICLOCK TC100 and SICLOCK TC400 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007860

DESCRIPTION

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device. SICLOCK TC100 and SICLOCK TC400 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SICROCK product line offers components for synchronizing plant and system time. An unauthorized operating vulnerability exists in the Siemens SICLOCK TC product. A denial-of-Service vulnerability 2. An authentication-bypass vulnerability 3. A remote code-execution vulnerability 4. Multiple security-bypass vulnerabilities 5. An information-disclosure vulnerability Exploiting these issues could allow an attacker to bypass authentication mechanism, obtain sensitive information, execute arbitrary code and perform unauthorized actions. Failed exploits can result in a denial-of-service condition. Both Siemens SICLOCK TC100 and SICLOCK TC400 are central clock products of Germany's Siemens (Siemens). This product can provide unified and accurate time information for all network nodes in the LAN

Trust: 2.79

sources: NVD: CVE-2018-4853 // JVNDB: JVNDB-2018-007860 // CNVD: CNVD-2018-12503 // BID: 104672 // IVD: e2f63d4f-39ab-11e9-a2b0-000c29342cb1 // VULHUB: VHN-134884 // VULMON: CVE-2018-4853

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2f63d4f-39ab-11e9-a2b0-000c29342cb1 // CNVD: CNVD-2018-12503

AFFECTED PRODUCTS

vendor:	siemens	model:	siclock tc400	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	siclock tc100	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	siclock tc100	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	siclock tc400	scope:	-	version:	-	Trust: 1.4
vendor:	siemens	model:	siclock tc400	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siclock tc100	scope:	eq	version:	0	Trust: 0.3
vendor:	siclock tc400	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	siclock tc100	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2f63d4f-39ab-11e9-a2b0-000c29342cb1 // CNVD: CNVD-2018-12503 // BID: 104672 // JVNDB: JVNDB-2018-007860 // CNNVD: CNNVD-201807-166 // NVD: CVE-2018-4853

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4853
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-4853
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-12503
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201807-166
value:	CRITICAL
Trust: 0.6
IVD:	e2f63d4f-39ab-11e9-a2b0-000c29342cb1
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-134884
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-4853
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4853
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-12503
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f63d4f-39ab-11e9-a2b0-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-134884
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4853
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2f63d4f-39ab-11e9-a2b0-000c29342cb1 // CNVD: CNVD-2018-12503 // VULHUB: VHN-134884 // VULMON: CVE-2018-4853 // JVNDB: JVNDB-2018-007860 // CNNVD: CNNVD-201807-166 // NVD: CVE-2018-4853

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-306	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-134884 // JVNDB: JVNDB-2018-007860 // NVD: CVE-2018-4853

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-166

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-166

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007860

PATCH

title:	SSA-197012	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf	Trust: 0.8
title:	Patch for unauthorized operation of the Siemens SICLOCK TC product	url:	https://www.cnvd.org.cn/patchInfo/show/133421	Trust: 0.6

sources: CNVD: CNVD-2018-12503 // JVNDB: JVNDB-2018-007860

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4853	Trust: 3.7
db:	SIEMENS	id:	SSA-197012	Trust: 2.7
db:	BID	id:	104672	Trust: 2.1
db:	CNNVD	id:	CNNVD-201807-166	Trust: 0.9
db:	CNVD	id:	CNVD-2018-12503	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007860	Trust: 0.8
db:	IVD	id:	E2F63D4F-39AB-11E9-A2B0-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-134884	Trust: 0.1
db:	VULMON	id:	CVE-2018-4853	Trust: 0.1

sources: IVD: e2f63d4f-39ab-11e9-a2b0-000c29342cb1 // CNVD: CNVD-2018-12503 // VULHUB: VHN-134884 // VULMON: CVE-2018-4853 // BID: 104672 // JVNDB: JVNDB-2018-007860 // CNNVD: CNNVD-201807-166 // NVD: CVE-2018-4853

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf	Trust: 2.7
url:	http://www.securityfocus.com/bid/104672	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4853	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4853	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-12503 // VULHUB: VHN-134884 // VULMON: CVE-2018-4853 // BID: 104672 // JVNDB: JVNDB-2018-007860 // CNNVD: CNNVD-201807-166 // NVD: CVE-2018-4853

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104672

SOURCES

db:	IVD	id:	e2f63d4f-39ab-11e9-a2b0-000c29342cb1
db:	CNVD	id:	CNVD-2018-12503
db:	VULHUB	id:	VHN-134884
db:	VULMON	id:	CVE-2018-4853
db:	BID	id:	104672
db:	JVNDB	id:	JVNDB-2018-007860
db:	CNNVD	id:	CNNVD-201807-166
db:	NVD	id:	CVE-2018-4853

LAST UPDATE DATE

2024-11-23T22:17:24.589000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12503	date:	2018-07-04T00:00:00
db:	VULHUB	id:	VHN-134884	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-4853	date:	2019-10-09T00:00:00
db:	BID	id:	104672	date:	2018-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007860	date:	2018-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201807-166	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-4853	date:	2024-11-21T04:07:35.403

SOURCES RELEASE DATE

db:	IVD	id:	e2f63d4f-39ab-11e9-a2b0-000c29342cb1	date:	2018-07-04T00:00:00
db:	CNVD	id:	CNVD-2018-12503	date:	2018-07-04T00:00:00
db:	VULHUB	id:	VHN-134884	date:	2018-07-03T00:00:00
db:	VULMON	id:	CVE-2018-4853	date:	2018-07-03T00:00:00
db:	BID	id:	104672	date:	2018-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007860	date:	2018-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201807-166	date:	2018-07-04T00:00:00
db:	NVD	id:	CVE-2018-4853	date:	2018-07-03T14:29:00.337