{"api_version":"1","generated_at":"2026-05-04T03:22:15+00:00","cve":"CVE-2018-13816","urls":{"html":"https://cve.report/CVE-2018-13816","api":"https://cve.report/api/cve/CVE-2018-13816.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-13816","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-13816"},"summary":{"title":"CVE-2018-13816","description":"A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known.","state":"PUBLIC","assigner":"productcert@siemens.com","published_at":"2018-12-12 16:29:00","updated_at":"2019-10-09 23:34:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106194","name":"106194","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Siemens TIM 1531 IRC CVE-2018-13816 Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-13816","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13816","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"13816","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"tim_1531_irc","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"13816","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"siemens","cpe5":"tim_1531_irc","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"13816","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"tim_1531_irc_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"13816","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"siemens","cpe5":"tim_1531_irc_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"productcert@siemens.com","ID":"CVE-2018-13816","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"TIM 1531 IRC","version":{"version_data":[{"version_value":"TIM 1531 IRC : All version < V2.0"}]}}]},"vendor_name":"Siemens AG"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284: Improper Access Control"}]}]},"references":{"reference_data":[{"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf","refsource":"CONFIRM","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"},{"name":"106194","refsource":"BID","url":"http://www.securityfocus.com/bid/106194"}]}},"nvd":{"publishedDate":"2018-12-12 16:29:00","lastModifiedDate":"2019-10-09 23:34:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":10,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"13816","Ordinal":"130479","Title":"CVE-2018-13816","CVE":"CVE-2018-13816","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"13816","Ordinal":"1","NoteData":"A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"13816","Ordinal":"2","NoteData":"2018-12-12","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"13816","Ordinal":"3","NoteData":"2018-12-14","Type":"Other","Title":"Modified"}]}}}