Skip to main content

Telecontrol Server Basic CVE-2018-4836

HIGH
Improper Authentication (CWE-287)
2018-01-25 productcert@siemens.com
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 25, 2018 - 14:29 nvd
HIGH 8.8

DescriptionNVD

A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.

AnalysisAI

A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations. Affected products include: Siemens Telecontrol Server Basic.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2024-44102 CRITICAL
10.0 Nov 12

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions

CVE-2025-27540 CRITICAL
9.3 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS

CVE-2025-27539 CRITICAL
9.3 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS

CVE-2025-27495 CRITICAL
9.3 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS

CVE-2025-32872 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32871 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32870 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32867 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32866 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32865 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32864 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32863 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

Share

CVE-2018-4836 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy