Details of VAR-201803-2158

ID

VAR-201803-2158

CVE

CVE-2018-4841

TITLE

Siemens TIM 1531 IRC Security Bypass Vulnerability

Trust: 0.8

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036

DESCRIPTION

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it. TIM 1531 IRC Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens TIM 1531 IRC is a communication module from Siemens AG in Germany for processing data transmissions using the Siemens remote control protocol SINAUT ST7. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks

Trust: 2.7

sources: NVD: CVE-2018-4841 // JVNDB: JVNDB-2018-003574 // CNVD: CNVD-2018-07036 // BID: 103576 // IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // VULMON: CVE-2018-4841

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036

AFFECTED PRODUCTS

vendor:	siemens	model:	tim 1531 irc	scope:	lt	version:	1.1	Trust: 1.8
vendor:	siemens	model:	tim irc	scope:	eq	version:	1531<1.0	Trust: 0.6
vendor:	siemens	model:	tim irc	scope:	eq	version:	15311.0	Trust: 0.3
vendor:	siemens	model:	tim irc	scope:	ne	version:	15311.1	Trust: 0.3
vendor:	tim 1531 irc	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036 // BID: 103576 // JVNDB: JVNDB-2018-003574 // NVD: CVE-2018-4841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4841
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-4841
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-07036
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201803-1133
value:	CRITICAL
Trust: 0.6
IVD:	e2ea7d80-39ab-11e9-9a69-000c29342cb1
value:	CRITICAL
Trust: 0.2
VULMON:	CVE-2018-4841
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4841
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-07036
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ea7d80-39ab-11e9-9a69-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-4841
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-4841
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133 // NVD: CVE-2018-4841

PROBLEMTYPE DATA

problemtype:	CWE-303	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-003574 // NVD: CVE-2018-4841

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1133

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201803-1133

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003574

PATCH

title:	SSA-110922	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf	Trust: 0.8
title:	Siemens TIM 1531 IRC Security Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/124861	Trust: 0.6
title:	Siemens TIM 1531 IRC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82885	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=12885f7d95d11b73fe4d1a1708218101	Trust: 0.1

sources: CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4841	Trust: 3.6
db:	BID	id:	103576	Trust: 2.6
db:	ICS CERT	id:	ICSA-18-088-02	Trust: 1.8
db:	SIEMENS	id:	SSA-110922	Trust: 1.7
db:	CNVD	id:	CNVD-2018-07036	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-1133	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-003574	Trust: 0.8
db:	IVD	id:	E2EA7D80-39AB-11E9-9A69-000C29342CB1	Trust: 0.2
db:	VULMON	id:	CVE-2018-4841	Trust: 0.1

sources: IVD: e2ea7d80-39ab-11e9-9a69-000c29342cb1 // CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // BID: 103576 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133 // NVD: CVE-2018-4841

REFERENCES

url:	http://www.securityfocus.com/bid/103576	Trust: 2.4
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-088-02	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4841	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4841	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-07036 // VULMON: CVE-2018-4841 // BID: 103576 // JVNDB: JVNDB-2018-003574 // CNNVD: CNNVD-201803-1133 // NVD: CVE-2018-4841

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103576

SOURCES

db:	IVD	id:	e2ea7d80-39ab-11e9-9a69-000c29342cb1
db:	CNVD	id:	CNVD-2018-07036
db:	VULMON	id:	CVE-2018-4841
db:	BID	id:	103576
db:	JVNDB	id:	JVNDB-2018-003574
db:	CNNVD	id:	CNNVD-201803-1133
db:	NVD	id:	CVE-2018-4841

LAST UPDATE DATE

2024-08-14T15:02:44.471000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07036	date:	2018-04-04T00:00:00
db:	VULMON	id:	CVE-2018-4841	date:	2019-10-09T00:00:00
db:	BID	id:	103576	date:	2018-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-003574	date:	2018-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201803-1133	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-4841	date:	2023-03-24T17:36:34.353

SOURCES RELEASE DATE

db:	IVD	id:	e2ea7d80-39ab-11e9-9a69-000c29342cb1	date:	2018-04-04T00:00:00
db:	CNVD	id:	CNVD-2018-07036	date:	2018-04-04T00:00:00
db:	VULMON	id:	CVE-2018-4841	date:	2018-03-29T00:00:00
db:	BID	id:	103576	date:	2018-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-003574	date:	2018-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201803-1133	date:	2018-03-30T00:00:00
db:	NVD	id:	CVE-2018-4841	date:	2018-03-29T13:29:00.210