Tim 1531 Irc Firmware
CVE-2018-4841
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.
AnalysisAI
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-303. A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it. Affected products include: Siemens Tim 1531 Irc Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Tim 1531 Irc Firmware
View allA vulnerability has been identified in TIM 1531 IRC (All version < V2.0). Rated critical severity (CVSS 10.0), this vuln
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated hig
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today