|2018-03-29||Other||Siemens||Siemens reported this vulnerability to NCCIC.||N/A||CVE-2018-4841 ||N/A||N/A||N/A|
# Siemens TIM 1531 IRC
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
TIM 1531 IRC
Siemens reported this vulnerability to NCCIC.
### AFFECTED PRODUCTS
Siemens reports that the vulnerability affects the following TIM 1531 IRC communications modules:
TIM 1531 IRC, all versions prior to v1.1
Successful exploitation may cause the device to enter a denial-of-service condition, or allow the attacker to read and manipulate data and configuration settings of the affected device.
### VULNERABILITY OVERVIEW
INCORRECT IMPLEMENTATION OF AUTHENTICATION ALGORITHM CWE-303
A remote attacker with network access to Port 80/TCP or Port 443/TCP could perform administrative operations on the device without prior authentication.
CVE-2018-4841 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, and Food and Agriculture
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany
Siemens recommends updating to version 1.1 as soon as possible. The update can be found at the following location on the Siemens website:
Siemens has identified the following specific workaround and mitigation that users can apply to reduce the risk:
Users can limit access to Port 80/TCP and Port 443/TCP in their network infrastructure (e.g., cell protection firewall or corporate firewall) to reduce the risk.
Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users follow recommendations in the product manuals and configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security:
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-110922 at the following location: