CVE-2018-4858

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

Se ha identificado una vulnerabilidad en IEC 61850 system configurator (todas las versiones anteriores a la V5.80); DIGSI 5, afectado al incorporar IEC 61850 system configurator (todas las versiones anteriores a la V7.80); DIGSI 4 (todas las versiones anteriores a la V4.93); SICAM PAS/PQS (todas las versiones anteriores a la V8.11); SICAM PQ Analyzer (todas las versiones anteriores a la V3.11); y SICAM SCC (todas las versiones anteriores a la V9.02 HF3). Un servicio de los productos afectados que escucha en todas las interfaces de red del host, ya sea en los puertos 4884/TCP, 5885/TCP o 5886/TCP, podría permitir que un atacante filtre información limitada del sistema al exterior, o bien ejecute código con permisos de usuario de Microsoft Windows. Para que la explotación tenga éxito, es necesario que un atacante pueda enviar una petición de red especialmente manipulada al servicio vulnerable y que un usuario interactúe con la aplicación cliente del servicio en el host. Para ejecutar código arbitrario con permisos de usuario de Microsoft Windows, un atacante debe tener la capacidad de colocar código de manera anticipada en el host por oros medios. La vulnerabilidad tiene un impacto limitado en la confidencialidad e integridad del sistema afectad. En el momento de la publicación del aviso, no se conoce ninguna explotación pública de la vulnerabilidad de seguridad. Siemens confirma la vulnerabilidad de seguridad y proporciona mitigaciones para resolver el problema de seguridad.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-01-02 CVE Reserved
2018-07-09 CVE Published
2023-11-30 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/105933	Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf	2023-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Ec 61850 System Configurator Firmware Search vendor "Siemens" for product "Ec 61850 System Configurator Firmware"	< 5.80 Search vendor "Siemens" for product "Ec 61850 System Configurator Firmware" and version " < 5.80"	-	Affected	in	Siemens Search vendor "Siemens"	Ec 61850 System Configurator Search vendor "Siemens" for product "Ec 61850 System Configurator"	-	-	Safe
Siemens Search vendor "Siemens"	Sicam Pq Analyzer Firmware Search vendor "Siemens" for product "Sicam Pq Analyzer Firmware"	< 3.11 Search vendor "Siemens" for product "Sicam Pq Analyzer Firmware" and version " < 3.11"	-	Affected	in	Siemens Search vendor "Siemens"	Sicam Pq Analyzer Search vendor "Siemens" for product "Sicam Pq Analyzer"	-	-	Safe
Siemens Search vendor "Siemens"	Sicam Scc Firmware Search vendor "Siemens" for product "Sicam Scc Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Sicam Scc Search vendor "Siemens" for product "Sicam Scc"	-	-	Safe
Siemens Search vendor "Siemens"	Digsi 4 Firmware Search vendor "Siemens" for product "Digsi 4 Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Digsi 4 Search vendor "Siemens" for product "Digsi 4"	-	-	Safe
Siemens Search vendor "Siemens"	Digsi 5 Firmware Search vendor "Siemens" for product "Digsi 5 Firmware"	< 7.80 Search vendor "Siemens" for product "Digsi 5 Firmware" and version " < 7.80"	-	Affected	in	Siemens Search vendor "Siemens"	Digsi 5 Search vendor "Siemens" for product "Digsi 5"	-	-	Safe
Siemens Search vendor "Siemens"		Sicam Pas\/pqs Search vendor "Siemens" for product "Sicam Pas\/pqs"				< 8.11 Search vendor "Siemens" for product "Sicam Pas\/pqs" and version " < 8.11"		-		Affected