Authentication Bypass Vulnerability in TeleControl Server Basic by Siemens
CVE-2018-4835

5.3MEDIUM

Key Information:

Vendor
Siemens
Status
Telecontrol Server Basic
Vendor
CVE Published:
25 January 2018

Summary

The TeleControl Server Basic software prior to version 3.1 contains a vulnerability that allows an attacker with network access to port 8000/tcp to bypass the authentication mechanism. This flaw could enable unauthorized users to access limited information within the server, potentially compromising the security and integrity of systems relying on this software.

Affected Version(s)

TeleControl Server Basic All versions < V3.1

References

https://www.siemens.com/cert/pool/cert/siemens_security_a...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102894
vdb-entryx_refsource_BID
http://www.securityfocus.com/bid/102904
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.