CVE-2018-4841
Published: 2018-03-29
Priority: P2 65 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.93% (91.0th percentile)
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | tim_1531_irc_firmware | < 1.1 | 1.1 |
| siemens_ag | tim_1531_irc | — | — |
Detection & IOCs
- Detect unauthenticated administrative HTTP/HTTPS requests to TIM 1531 IRC devices on port 80/TCP and 443/TCP; no authentication headers or session tokens will be present in exploit traffic.
- Monitor for administrative operations (configuration reads/writes, data manipulation) originating from unexpected or external source IPs targeting TIM 1531 IRC devices on ports 80 and 443.
- Flag any TIM 1531 IRC device running firmware versions prior to V1.1 as unpatched and at risk; version identification via banner grabbing on ports 80/443 can confirm exposure.
- The vulnerability is classified as CWE-303 (Incorrect Implementation of Authentication Algorithm), meaning the device exposes administrative functions without enforcing authentication; network-level access controls are the primary compensating control until patching.
- No public exploits were known at time of advisory publication, reducing (but not eliminating) immediate exploitation risk.
- CVSS v3 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating network-reachable, zero-interaction, no-privilege exploitation with full CIA impact; treat any internet-exposed TIM 1531 IRC as critically at risk.
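CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |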
GHSA
GHSA-vj79-837c-gmf4: A vulnerability has been identified in TIM 1531 IRC (All versions < V1
ghsa_unreviewed·2022-05-13
CVE-2018-4841 [CRITICAL] CWE-287 GHSA-vj79-837c-gmf4: A vulnerability has been identified in TIM 1531 IRC (All versions < V1
CISA ICS
Siemens TIM 1531 IRC
cisa_ics·2018-03-29
ICS Advisory
## Siemens TIM 1531 IRC
Last Revised: March 29, 2018
Alert Code: ICSA-18-088-02
## CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit.
Vendor: Siemens
Equipment: TIM 1531 IRC
Vulnerability: Missing Authentication for Critical Function
## AFFECTED PRODUCTS
Siemens reports that the vulnerability affects the following TIM 1531 IRC communications modules:
- TIM 1531 IRC, all versions prior to v1.1
## IMPACT
Successful exploitation may cause the device to enter a denial-of-service condition, or allow the attacker to read and manipulate data and configuration sett
Published: 2018-03-29