CVE-2018-4855

MEDIUM

Siemens Siclock Tc400 Firmware - Missing Encryption

Title source: rule

Description

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104672

[Mitigation, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 32.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-311

Status published

Products (2)

siemens/siclock_tc100_firmware

siemens/siclock_tc400_firmware

Published Jul 03, 2018

Tracked Since Feb 18, 2026