CVE-2018-4836

8.8HIGH

Key Information:

Vendor: Siemens
Status: Telecontrol Server Basic
Vendor: CVE Published:; 25 January 2018

Summary

A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.

Affected Version(s)

TeleControl Server Basic All versions < V3.1

References

https://www.siemens.com/cert/pool/cert/siemens_security_a...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102904

vdb-entryx_refsource_BID

http://www.securityfocus.com/bid/102897

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 25, 2018
Vulnerability Reserved
Jan 2, 2018