Telecontrol Server Basic
CVE-2018-4835
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.
AnalysisAI
A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information. Affected products include: Siemens Telecontrol Server Basic.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Telecontrol Server Basic
View allA vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today