CVE-2018-4841

CRITICAL

Siemens Tim 1531 Irc Firmware < 1.1 - Authentication Bypass

Title source: rule

Description

A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.

References (2)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103576

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf

Scores

CVSS v3 9.8

EPSS 0.0285

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287 CWE-303

Status published

Affected Products (1)

siemens/tim_1531_irc_firmware < 1.1

Timeline

Published Mar 29, 2018

Tracked Since Feb 18, 2026