CVE-2018-4854

CVE-2018-4854

Vendor Siemens Ag
Product SICLOCK TC100, SICLOCK TC400
Weakness CWE-306 · Missing auth
Published July 3, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.

Key dates

02Disclosure timeline

July 3, 2018 CVE published
September 16, 2024 Record updated