Описание
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:siemens:siclock_tc400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siclock_tc400:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:siemens:siclock_tc100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siclock_tc100:-:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00135
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-311
CWE-311
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.
EPSS
Процентиль: 34%
0.00135
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-311
CWE-311