Risk | High |
Patch available | NO |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2018-4851 CVE-2018-4852 CVE-2018-4853 CVE-2018-4854 CVE-2018-4855 CVE-2018-4856 |
CWE-ID | CWE-20 CWE-592 CWE-264 CWE-300 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
Vulnerable software | SICLOCK TC400 (Client/Desktop applications / Other client software), SICLOCK TC100 (Client/Desktop applications / Other client software) |
Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU13567
Risk: Low
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-4851
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
SICLOCK TC400: All versions
SICLOCK TC100: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13568
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-4852
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: No
Description
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
SICLOCK TC400: All versions
SICLOCK TC100: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13569
Risk: Low
CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-4853
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
SICLOCK TC400: All versions
SICLOCK TC100: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13570
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-4854
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
SICLOCK TC400: All versions
SICLOCK TC100: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13571
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-4855
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
Description
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
SICLOCK TC400: All versions
SICLOCK TC100: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU13572
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-4856
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
• Provide redundant time sources and implement plausibility checks for the time information in critical plant controllers.
• Protect network access to the affected devices with appropriate measures, e.g. protect SICLOCK TC devices with firewalls to reduce the risk.
It is recommended to filter traffic to all ports excluding those needed for time synchronization. If time synchronization is performed using NTP, then port 123/udp must be opened on the firewall. If time synchronization is performed using SIMATIC time synchronization, then port 22223/udp and port 22224/udp must be opened on the firewall.
For configuring parameters, it is recommended to use a direct connection to the SICLOCK TC.
• Apply the cell protection concept, and apply defense-in-depth: https://www.siemens.com/cert/operational-guidelines-industrial-security
SICLOCK TC400: All versions
SICLOCK TC100: All versions
External links
http://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
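The first mitigation listed for each vulnerability above (redundant time sources with plausibility checks in the consuming controller) can be sketched as follows. This is an added example, not code from Siemens or from this bulletin; the function `check_time`, the source names and the thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Reading:
    source: str        # label for the time source (names below are constructed)
    unix_time: float   # time the source reported, seconds since the epoch

def check_time(readings, last_accepted, elapsed,
               max_spread=0.5, max_step=2.0, min_sources=2):
    """Plausibility check over redundant time sources.

    last_accepted: last time value the controller accepted.
    elapsed: seconds since then, measured on the local monotonic clock.
    Returns (accepted_time or None, rejected_source_names, reason).
    Thresholds are illustrative assumptions, not vendor values.
    """
    if len(readings) < min_sources:
        return None, [], "too few sources"
    # 1. Cross-check: drop sources that disagree with the majority.
    mid = median(r.unix_time for r in readings)
    agreeing = [r for r in readings if abs(r.unix_time - mid) <= max_spread]
    rejected = [r.source for r in readings if abs(r.unix_time - mid) > max_spread]
    if len(agreeing) < min_sources:
        # Two sources that contradict each other cannot outvote one another.
        return None, rejected, "no quorum"
    # 2. Continuity: compare with where the local clock says time should be.
    candidate = median(r.unix_time for r in agreeing)
    expected = last_accepted + elapsed
    if abs(candidate - expected) > max_step:
        # Even unanimous sources are refused if time jumps implausibly.
        return None, rejected, "implausible step"
    return candidate, rejected, "ok"

# Constructed sample: one of three sources reports a time one hour ahead.
SAMPLE = [Reading("clock-a", 1000.00),
          Reading("ntp-b", 4600.00),
          Reading("gps-c", 1000.02)]

if __name__ == "__main__":
    print(check_time(SAMPLE, last_accepted=990.0, elapsed=10.0))
```

When the function returns `None`, the controller keeps running on its local clock and raises an alarm instead of adopting the offered time.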