Remote Code Execution Vulnerability in TIM 1531 IRC by Siemens
CVE-2018-4841

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Tim 1531 Irc
Vendor: CVE Published:; 29 March 2018

Summary

A security vulnerability exists in the TIM 1531 IRC device that allows a remote attacker to perform administrative operations without authentication. By exploiting this flaw via network access on ports 80/tcp or 443/tcp, unauthorized users could manipulate data, change configuration settings, or initiate a denial-of-service attack. As of the publication of this advisory, there are no known public exploitations of this vulnerability. Siemens has recommended mitigations for affected devices to enhance security.

Affected Version(s)

TIM 1531 IRC All versions < V1.1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-11092...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103576

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2018
Vulnerability Reserved
Jan 2, 2018