Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-4858
HistoryJul 09, 2018 - 7:29 p.m.

CVE-2018-4858

2018-07-0919:29:00
CWE-284
[email protected]
web.nvd.nist.gov
2

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host’s network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service’s client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

Affected configurations

Nvd
Node
siemensec_61850_system_configurator_firmwareRange<5.80
AND
siemensec_61850_system_configuratorMatch-
Node
siemenssicam_pq_analyzer_firmwareRange<3.11
AND
siemenssicam_pq_analyzerMatch-
Node
siemenssicam_scc_firmwareMatch-
AND
siemenssicam_sccMatch-
Node
siemensdigsi_4Match-
AND
siemensdigsi_4_firmwareMatch-
Node
siemensdigsi_5Match-
AND
siemensdigsi_5_firmwareRange<7.80
Node
siemenssicam_pas\/pqsRange<8.11
VendorProductVersionCPE
siemensec_61850_system_configurator_firmware*cpe:2.3:o:siemens:ec_61850_system_configurator_firmware:*:*:*:*:*:*:*:*
siemensec_61850_system_configurator-cpe:2.3:h:siemens:ec_61850_system_configurator:-:*:*:*:*:*:*:*
siemenssicam_pq_analyzer_firmware*cpe:2.3:o:siemens:sicam_pq_analyzer_firmware:*:*:*:*:*:*:*:*
siemenssicam_pq_analyzer-cpe:2.3:h:siemens:sicam_pq_analyzer:-:*:*:*:*:*:*:*
siemenssicam_scc_firmware-cpe:2.3:o:siemens:sicam_scc_firmware:-:*:*:*:*:*:*:*
siemenssicam_scc-cpe:2.3:h:siemens:sicam_scc:-:*:*:*:*:*:*:*
siemensdigsi_4-cpe:2.3:h:siemens:digsi_4:-:*:*:*:*:*:*:*
siemensdigsi_4_firmware-cpe:2.3:o:siemens:digsi_4_firmware:-:*:*:*:*:*:*:*
siemensdigsi_5-cpe:2.3:h:siemens:digsi_5:-:*:*:*:*:*:*:*
siemensdigsi_5_firmware*cpe:2.3:o:siemens:digsi_5_firmware:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

Related

nessus 2
cvelist 1
prion 1
ics 1
cve 1
threatpost 1
nessus
nessus
Siemens Ec Unspecified Vulnerability
2019-11-08 00:00:00
Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Improper Access Control (CVE-2018-4858)
2022-02-07 00:00:00
cvelist
cvelist
CVE-2018-4858
2018-07-09 19:00:00
prion
prion
Design/Logic Flaw
2018-07-09 19:29:00
ics
ics
Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC
2018-11-13 12:00:00
cve
cve
CVE-2018-4858
2018-07-09 19:29:00
threatpost
threatpost
Siemens Patches Firewall Flaw That Put Operations at Risk
2018-11-14 17:40:14

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON
Related for NVD:CVE-2018-4858
nessus2cvelist1prion1ics1cve1threatpost1