CVE-2018-4851

{"id": "CVE-2018-4851", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2018-07-03T14:29:00.227", "references": [{"url": "http://www.securityfocus.com/bid/104672", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SICLOCK TC100 (todas las versiones) y SICLOCK TC400 (todas las versiones). Un atacante con acceso de red a los dispositivos podr\u00eda provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) enviando determinados paquetes al dispositivo, provocando reinicios potenciales del dispositivo. La funci\u00f3n principal del dispositivo se podr\u00eda ver afectada. La funcionalidad time serving se recupera cuando se completa la sincronizaci\u00f3n del tiempo con los dispositivos GPS u otros servidores NTP."}], "lastModified": "2019-10-09T23:41:02.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623964CC-A572-43D4-B1A8-728BBFDDCE80"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6BCF92CE-8978-409E-B37B-B8CFBD070450"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DBC06E1-89FB-4A17-A144-EC08C55E3301"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF13B571-98B9-4632-A275-A835DDCB5AD1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}