CVE-2018-4841
CRITICALTIM 1531 IRC Firmware < 1.1 - Unauthenticated Remote Code Execution
Title source: llmDescription
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdf
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103576
Scores
CVSS v3
9.8
EPSS
0.0493
EPSS Percentile
91.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-303
Status
published
Products (1)
siemens/tim_1531_irc_firmware
< 1.1
Published
Mar 29, 2018
Tracked Since
Feb 18, 2026