Skip to main content

Telecontrol Server Basic CVE-2018-4837

HIGH
Uncontrolled Resource Consumption (CWE-400)
2018-01-25 productcert@siemens.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 25, 2018 - 14:29 nvd
HIGH 7.5

DescriptionNVD

A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition.

AnalysisAI

A vulnerability has been identified in TeleControl Server Basic < V3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with access to the TeleControl Server Basic's webserver (port 80/tcp or 443/tcp) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. Affected products include: Siemens Telecontrol Server Basic.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2024-44102 CRITICAL
10.0 Nov 12

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions

CVE-2025-27540 CRITICAL
9.3 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS

CVE-2025-27539 CRITICAL
9.3 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS

CVE-2025-27495 CRITICAL
9.3 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated critical severity (CVSS

CVE-2025-32872 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32871 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32870 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32867 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32866 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32865 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32864 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

CVE-2025-32863 HIGH
8.7 Apr 16

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). Rated high severity (CVSS 8.7

Share

CVE-2018-4837 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy