SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-171973885] Siemens TeleControl Server Basic

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2018-01-30OtherSiemensSiemens ProductCERT reported the vulnerabilities to NCCIC.N/ACVE-2018-4835 CVE-2018-4836 CVE-2018-4837 N/AN/AN/A

Source

						
							
								
#
# Siemens TeleControl Server Basic
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
TeleControl Server Basic 


### RESEARCHER
Siemens ProductCERT reported the vulnerabilities to NCCIC.


### AFFECTED PRODUCTS
The following versions of TeleControl Server Basic, a monitoring platform, are affected:

TeleControl Server Basic versions prior to V3.1



### IMPACT
Successful exploitation of these vulnerabilities could allow for escalation of privileges to perform administrative actions.


### VULNERABILITY OVERVIEW
AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
An attacker with network access to Port 8000/TCP could bypass the authentication mechanism gaining access to limited information.
CVE-2018-4835 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)


PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
An authenticated attacker with network access to Port 8000/TCP could escalate privileges and perform administrative operations.
CVE-2018-4836 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
An attacker with access to the TeleControl Server Basic’s webserver (Ports 80/TCP or 443/TCP) could cause a Denial-of-Service condition on the web server.
The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.
CVE-2018-4837 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)





### BACKGROUND
Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Siemens recommends that users install the latest version of TeleControl Server Basic which can be found at:

https://support.industry.siemens.com/cs/ww/en/view/109755199


Siemens has also identified other mitigations that affected users can take:

If TeleControl Server Basic is operated in standalone mode, then users can close Port 8000/TCP on the Windows firewall to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.

If TeleControl Server Basic is operated in redundancy mode, then users can use the Windows firewall to restrict access to Port 8000/TCP to the second TeleControl Server Basics’ IP address to mitigate vulnerabilities CVE-2018-4835 and CVE-2018-4836.

Users can use the Windows firewall to close Ports 80/TCP and 443/TCP to mitigate vulnerability CVE-2018-4837.

For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-65145 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm