Details of VAR-201801-1629

ID

VAR-201801-1629

CVE

CVE-2018-4836

TITLE

TeleControl Server Basic Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001582

DESCRIPTION

A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. TeleControl Server Basic Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens TeleControl Server Basic is a remote control system for Siemens equipment from Siemens AG. An attacker can leverage these issues to obtain sensitive information, bypass security restrictions and gain elevated privileges. Failed exploit attempts may result in a denial of service condition

Trust: 2.88

sources: NVD: CVE-2018-4836 // JVNDB: JVNDB-2018-001582 // CNVD: CNVD-2018-02347 // BID: 102904 // BID: 102897 // IVD: e2e32a80-39ab-11e9-ae20-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e32a80-39ab-11e9-ae20-000c29342cb1 // CNVD: CNVD-2018-02347

AFFECTED PRODUCTS

vendor:	siemens	model:	telecontrol server basic	scope:	lt	version:	3.1	Trust: 1.8
vendor:	siemens	model:	telecontrol server basics	scope:	lt	version:	v3.1	Trust: 0.6
vendor:	siemens	model:	telecontrol server basic sp2	scope:	eq	version:	3.0	Trust: 0.6
vendor:	siemens	model:	telecontrol server basic	scope:	eq	version:	3.0	Trust: 0.6
vendor:	siemens	model:	telecontrol server basic	scope:	ne	version:	3.1	Trust: 0.6
vendor:	telecontrol server basic	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e32a80-39ab-11e9-ae20-000c29342cb1 // CNVD: CNVD-2018-02347 // BID: 102904 // BID: 102897 // JVNDB: JVNDB-2018-001582 // NVD: CVE-2018-4836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4836
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4836
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-02347
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201801-985
value:	HIGH
Trust: 0.6
IVD:	e2e32a80-39ab-11e9-ae20-000c29342cb1
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2018-4836
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-02347
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e32a80-39ab-11e9-ae20-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-4836
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e32a80-39ab-11e9-ae20-000c29342cb1 // CNVD: CNVD-2018-02347 // JVNDB: JVNDB-2018-001582 // CNNVD: CNNVD-201801-985 // NVD: CVE-2018-4836

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-001582 // NVD: CVE-2018-4836

THREAT TYPE

network

Trust: 0.6

sources: BID: 102904 // BID: 102897

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-985

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001582

PATCH

title:	SSA-651454	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-651454.pdf	Trust: 0.8
title:	Patch for Siemens TeleControl Server Basic Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/115111	Trust: 0.6
title:	Siemens TeleControl Server Basic Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78098	Trust: 0.6

sources: CNVD: CNVD-2018-02347 // JVNDB: JVNDB-2018-001582 // CNNVD: CNNVD-201801-985

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4836	Trust: 3.8
db:	BID	id:	102904	Trust: 1.9
db:	SIEMENS	id:	SSA-651454	Trust: 1.9
db:	BID	id:	102897	Trust: 1.9
db:	ICS CERT	id:	ICSA-18-030-02	Trust: 1.7
db:	CNVD	id:	CNVD-2018-02347	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-985	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-001582	Trust: 0.8
db:	IVD	id:	E2E32A80-39AB-11E9-AE20-000C29342CB1	Trust: 0.2

sources: IVD: e2e32a80-39ab-11e9-ae20-000c29342cb1 // CNVD: CNVD-2018-02347 // BID: 102904 // BID: 102897 // JVNDB: JVNDB-2018-001582 // CNNVD: CNNVD-201801-985 // NVD: CVE-2018-4836

REFERENCES

url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf	Trust: 1.9
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-030-02	Trust: 1.7
url:	http://www.securityfocus.com/bid/102897	Trust: 1.6
url:	http://www.securityfocus.com/bid/102904	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4836	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4836	Trust: 0.8
url:	https://support.industry.siemens.com/cs/ww/en/view/109755199	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.6

sources: CNVD: CNVD-2018-02347 // BID: 102904 // BID: 102897 // JVNDB: JVNDB-2018-001582 // CNNVD: CNNVD-201801-985 // NVD: CVE-2018-4836

CREDITS

The vendor reported this issue.

Trust: 0.6

sources: BID: 102904 // BID: 102897

SOURCES

db:	IVD	id:	e2e32a80-39ab-11e9-ae20-000c29342cb1
db:	CNVD	id:	CNVD-2018-02347
db:	BID	id:	102904
db:	BID	id:	102897
db:	JVNDB	id:	JVNDB-2018-001582
db:	CNNVD	id:	CNNVD-201801-985
db:	NVD	id:	CVE-2018-4836

LAST UPDATE DATE

2024-08-14T13:29:09.745000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-02347	date:	2018-01-31T00:00:00
db:	BID	id:	102904	date:	2018-01-30T00:00:00
db:	BID	id:	102897	date:	2018-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-001582	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201801-985	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-4836	date:	2019-10-09T23:41:00.453

SOURCES RELEASE DATE

db:	IVD	id:	e2e32a80-39ab-11e9-ae20-000c29342cb1	date:	2018-01-31T00:00:00
db:	CNVD	id:	CNVD-2018-02347	date:	2018-01-31T00:00:00
db:	BID	id:	102904	date:	2018-01-30T00:00:00
db:	BID	id:	102897	date:	2018-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-001582	date:	2018-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-985	date:	2018-01-26T00:00:00
db:	NVD	id:	CVE-2018-4836	date:	2018-01-25T14:29:00.380