CVE-2018-4855
MEDIUMSICLOCK TC100 and TC400 - Unencrypted Password Storage in Client Configuration
Title source: llmDescription
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104672
Mitigation, Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Scores
CVSS v3
6.5
EPSS
0.0102
EPSS Percentile
58.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-311
Status
published
Products (2)
siemens/siclock_tc100_firmware
siemens/siclock_tc400_firmware
Published
Jul 03, 2018
Tracked Since
Feb 18, 2026