CVE-2018-4837 - Vulnerability Details - OpenCVE

A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01482.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Telecontrol Server Basic

Configuration 1 [-]

cpe:2.3:a:siemens:telecontrol_server_basic:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2018-16623	A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/102819
http://www.securityfocus.com/bid/102904
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2018-01-25T14:00:00Z

Updated: 2024-09-16T16:22:25.673Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4837

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-01-25T14:29:00.427

Modified: 2024-11-21T04:07:33.270

Link: CVE-2018-4837

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "TeleControl Server Basic", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions < V3.1"}]}], "datePublic": "2018-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-02-03T10:57:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}, {"name": "102819", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102819"}, {"name": "102904", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102904"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "DATE_PUBLIC": "2018-01-25T00:00:00", "ID": "CVE-2018-4837", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TeleControl Server Basic", "version": {"version_data": [{"version_value": "All versions < V3.1"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')"}]}]}, "references": {"reference_data": [{"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}, {"name": "102819", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102819"}, {"name": "102904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102904"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:18:26.525Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}, {"name": "102819", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102819"}, {"name": "102904", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102904"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2018-4837", "datePublished": "2018-01-25T14:00:00Z", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-09-16T16:22:25.673Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:telecontrol_server_basic:*:*:*:*:*:*:*:*", "matchCriteriaId": "E31D80D0-A773-45F5-8155-43861100BC48", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en TeleControl Server Basic en versiones anteriores a la 3.1. Un atacante con acceso al servidor web de Telecontrol Server Basic (puerto 80/tcp o 443/tcp) podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) en el servidor web. Las dem\u00e1s funcionalidades de TeleControl Server Basic no se ven afectadas por la denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-4837", "lastModified": "2024-11-21T04:07:33.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-25T14:29:00.427", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102819"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102904"}, {"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102819"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102904"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-651454.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}