CVE-2018-13816
published 2018-12-12CVE-2018-13816: A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured…
PriorityP264critical10CVSS 3.0
AVNACLPRNUINSCCHIHAH
EPSS
2.80%
84.7th percentile
A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | tim_1531_irc_firmware | < 2.0 | 2.0 |
| siemens_ag | tim_1531_irc | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated S7comm/ISO-TSAP connections on port 102/TCP to TIM 1531 IRC devices; any administrative operations performed without prior authentication handshake are indicative of exploitation. ↗
- →Alert on inbound TCP connections to port 102 on TIM 1531 IRC devices originating from untrusted or unexpected IP addresses, as the vulnerability requires only network reachability with no credentials. ↗
- ·The missing authentication bypass only applies when the device has been configured (authentication is expected to be enforced); devices running firmware prior to v2.0 are affected regardless of their authentication configuration. ↗
- ·All TIM 1531 IRC firmware versions prior to 2.0 are vulnerable; upgrading to v2.0 and reloading the TIM station from engineering is required to remediate. ↗
CVSS provenance
nvdv3.010.0CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vx39-fw57-q8mc: A vulnerability has been identified in TIM 1531 IRC (All version < V2
ghsa_unreviewed·2022-05-13
CVE-2018-13816 [CRITICAL] CWE-287 GHSA-vx39-fw57-q8mc: A vulnerability has been identified in TIM 1531 IRC (All version < V2
A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known.
CISA ICS
Siemens TIM 1531 IRC Modules
cisa_ics·2020-09-25·CVSS 10.0
[CRITICAL] Siemens TIM 1531 IRC Modules
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens TIM 1531 IRC Modules
Last RevisedSeptember 25, 2020
Alert CodeICSA-18-352-05
## 1. EXECUTIVE SUMMARY
-
CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: TIM 1531 IRC
- Vulnerability: Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform arbitrary administrative operations.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of TIM 1531 IRC—a communication module for SIMATIC S7-1500, S7-400, and S
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-12-12
Published