#VU10352 Information disclosure in TeleControl Server Basic - CVE-2018-4835

Cybersecurity Help s.r.o.

Published: 2018-02-01

Vulnerability identifier: #VU10352

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-4835

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
TeleControl Server Basic
Client/Desktop applications / Other client software

Vendor: Siemens

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to authentication bypass. A remote attacker with network access to Port 8000/TCP can bypass authentication and gain access to limited information.

Mitigation
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• If TeleControl Server Basic is operated in standalone mode, then customers can close port 8000/tcp on the Windows firewall.
• If Telecontrol Server Basic is operated in redundancy mode, then customers can use the Windows firewall to restrict access to port 8000/tcp to the second Telecontrol Server Basics’ IP address.

Vulnerable software versions

TeleControl Server Basic: 3.1

External links
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens TeleControl Server Basic