#VU10353 Privilege escalation in TeleControl Server Basic - CVE-2018-4836

Cybersecurity Help s.r.o.

Published: 2018-02-01

Vulnerability identifier: #VU10353

Vulnerability risk: Low

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-4836

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
TeleControl Server Basic
Client/Desktop applications / Other client software

Vendor: Siemens

Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to improper access and privileges controls. A remote attacker with network access to Port 8000/TCP can escalate his privileges and perform administrative operations.

Mitigation
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• If TeleControl Server Basic is operated in standalone mode, then customers can close port 8000/tcp on the Windows firewall.
• If Telecontrol Server Basic is operated in redundancy mode, then customers can use the Windows firewall to restrict access to port 8000/tcp to the second Telecontrol Server Basics’ IP address.

Vulnerable software versions

TeleControl Server Basic: 3.1

External links
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens TeleControl Server Basic