|2018-01-30||Other||Siemens||Siemens ProductCERT reported the vulnerabilities to NCCIC.||N/A||CVE-2018-4835 CVE-2018-4836 CVE-2018-4837 ||N/A||N/A||N/A|
# Siemens TeleControl Server Basic
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
TeleControl Server Basic
Siemens ProductCERT reported the vulnerabilities to NCCIC.
### AFFECTED PRODUCTS
The following versions of TeleControl Server Basic, a monitoring platform, are affected:
TeleControl Server Basic versions prior to V3.1
Successful exploitation of these vulnerabilities could allow for escalation of privileges to perform administrative actions.
### VULNERABILITY OVERVIEW
AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
An attacker with network access to Port 8000/TCP could bypass the authentication mechanism gaining access to limited information.
CVE-2018-4835 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
An authenticated attacker with network access to Port 8000/TCP could escalate privileges and perform administrative operations.
CVE-2018-4836 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
An attacker with access to the TeleControl Server Basic’s webserver (Ports 80/TCP or 443/TCP) could cause a Denial-of-Service condition on the web server.
The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.
CVE-2018-4837 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany
Siemens recommends that users install the latest version of TeleControl Server Basic which can be found at:
Siemens has also identified other mitigations that affected users can take:
If TeleControl Server Basic is operated in standalone mode, then users can close Port 8000/TCP on the Windows firewall to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.
If TeleControl Server Basic is operated in redundancy mode, then users can use the Windows firewall to restrict access to Port 8000/TCP to the second TeleControl Server Basics’ IP address to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.
Users can use the Windows firewall to close Ports 80/TCP and 443/TCP to mitigate vulnerability CVE-2018-4837.
For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-65145 at the following location: