CVE-2018-4855
N/A
N/A
Summary
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens AG | SICLOCK TC100, SICLOCK TC400 | SICLOCK TC100 : All versions | affected |
| Siemens AG | SICLOCK TC100, SICLOCK TC400 | SICLOCK TC400 : All versions | affected |
Weaknesses
- CWE-311: CWE-311: Missing Encryption of Sensitive Data
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/104672
- https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
References
- http://www.securityfocus.com/bid/104672
- https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.