22 matches found
EUVD-2018-16639
Malware in sbrugna...
EUVD-2018-16640
Malware in sbrugna...
Code injection
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device,...
CVE-2018-4851
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of th...
Design/Logic Flaw
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to port 69/udp could modify the firmware of the device...
Authentication flaw
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device...
CVE-2018-4855
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords...
CVE-2018-4856
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users...
Design/Logic Flaw
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users...
CVE-2018-4854
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device,...
Design/Logic Flaw
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords...
CVE-2018-4856
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users...
CVE-2018-4852
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device...
CVE-2018-4855
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords...
CVE-2018-4851
The CVE-2018-4851 issue affects Siemens SICLOCK TC100 and TC400 (all versions). An attacker with network access can trigger a Denial-of-Service by sending specific packets, potentially rebooting the device and impacting core functionality. Time-serving resumes after time synchronization with GPS ...
CVE-2018-4855
CVE-2018-4855 affects Siemens SICLOCK TC100/TC400 (All versions). Root cause is unencrypted storage of passwords in client configuration files and during network transmission, enabling an attacker in a privileged position to obtain device access passwords. Public details describe an information d...
CVE-2018-4851
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of th...
CVE-2018-4853
A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to port 69/udp could modify the firmware of the device...
CVE-2018-4854
The CVE-2018-4854 issue affects Siemens SICLOCK TC100/TC400 (all versions). A network-accessible UDP port 69/service allows an attacker to modify the device’s administrative client stored on the unit; if a legitimate user runs the modified client, the attacker could achieve code execution on the ...
CVE-2018-4853
CVE-2018-4853 affects Siemens SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). A network-accessible issue on UDP port 69 allows an attacker to modify the device firmware. Severity is rated as CRITICAL (CVSSv3 base score 9.8). Other details (root cause, specific vulnerable components...