ID

VAR-201803-2158


CVE

CVE-2018-4841


TITLE

Siemens TIM 1531 IRC Security Bypass Vulnerability

Trust: 0.8

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036

DESCRIPTION

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it. TIM 1531 IRC Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens TIM 1531 IRC is a communication module from Siemens AG in Germany for processing data transmissions using the Siemens remote control protocol SINAUT ST7. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks

Trust: 2.7

sources: NVD: CVE-2018-4841 // JVNDB: JVNDB-2018-003574 // CNVD: CNVD-2018-07036 // BID: 103576 // IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // VULMON: CVE-2018-4841

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036

AFFECTED PRODUCTS

vendor:siemensmodel:tim 1531 ircscope:ltversion:1.1

Trust: 1.8

vendor:siemensmodel:tim ircscope:eqversion:1531<1.0

Trust: 0.6

vendor:siemensmodel:tim ircscope:eqversion:15311.0

Trust: 0.3

vendor:siemensmodel:tim ircscope:neversion:15311.1

Trust: 0.3

vendor:tim 1531 ircmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036 // BID: 103576 // JVNDB: JVNDB-2018-003574 // NVD: CVE-2018-4841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4841
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-4841
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-07036
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1133
value: CRITICAL

Trust: 0.6

IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1
value: CRITICAL

Trust: 0.2

VULMON: CVE-2018-4841
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4841
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-07036
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-4841
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-4841
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133 // NVD: CVE-2018-4841

PROBLEMTYPE DATA

problemtype:CWE-303

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-003574 // NVD: CVE-2018-4841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1133

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201803-1133

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003574

PATCH

title:SSA-110922url:https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Trust: 0.8

title:Siemens TIM 1531 IRC Security Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/124861

Trust: 0.6

title:Siemens TIM 1531 IRC Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82885

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=12885f7d95d11b73fe4d1a1708218101

Trust: 0.1

sources: CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133

EXTERNAL IDS

db:NVDid:CVE-2018-4841

Trust: 3.6

db:BIDid:103576

Trust: 2.6

db:ICS CERTid:ICSA-18-088-02

Trust: 1.8

db:SIEMENSid:SSA-110922

Trust: 1.7

db:CNVDid:CNVD-2018-07036

Trust: 0.8

db:CNNVDid:CNNVD-201803-1133

Trust: 0.8

db:JVNDBid:JVNDB-2018-003574

Trust: 0.8

db:IVDid:E2EA7D80-39AB-11E9-9A69-000C29342CB1

Trust: 0.2

db:VULMONid:CVE-2018-4841

Trust: 0.1

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // BID: 103576 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133 // NVD: CVE-2018-4841

REFERENCES

url:http://www.securityfocus.com/bid/103576

Trust: 2.4

url:https://ics-cert.us-cert.gov/advisories/icsa-18-088-02

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4841

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4841

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // BID: 103576 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133 // NVD: CVE-2018-4841

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103576

SOURCES

db:IVDid:e2ea7d80-39ab-11e9-9a69-000c29342cb1
db:CNVDid:CNVD-2018-07036
db:VULMONid:CVE-2018-4841
db:BIDid:103576
db:JVNDBid:JVNDB-2018-003574
db:CNNVDid:CNNVD-201803-1133
db:NVDid:CVE-2018-4841

LAST UPDATE DATE

2024-08-14T15:02:44.471000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-07036date:2018-04-04T00:00:00
db:VULMONid:CVE-2018-4841date:2019-10-09T00:00:00
db:BIDid:103576date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003574date:2018-07-04T00:00:00
db:CNNVDid:CNNVD-201803-1133date:2019-10-17T00:00:00
db:NVDid:CVE-2018-4841date:2023-03-24T17:36:34.353

SOURCES RELEASE DATE

db:IVDid:e2ea7d80-39ab-11e9-9a69-000c29342cb1date:2018-04-04T00:00:00
db:CNVDid:CNVD-2018-07036date:2018-04-04T00:00:00
db:VULMONid:CVE-2018-4841date:2018-03-29T00:00:00
db:BIDid:103576date:2018-03-29T00:00:00
db:JVNDBid:JVNDB-2018-003574date:2018-05-28T00:00:00
db:CNNVDid:CNNVD-201803-1133date:2018-03-30T00:00:00
db:NVDid:CVE-2018-4841date:2018-03-29T13:29:00.210