Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability

Bugtraq ID:	105933
Class:	Access Validation Error
CVE:	CVE-2018-4858
Remote:	Yes
Local:	No
Published:	Nov 15 2018 12:00AM
Updated:	Nov 15 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Siemens SICAM SCC 9.0 Siemens SICAM PQS 8.10 Siemens SICAM PQ Analyzer 3.10 Siemens SICAM PAS 8.10 Siemens SICAM PAS 8.08 Siemens SICAM PAS 8.07 Siemens SICAM PAS 8.00 Siemens SICAM PAS 6.0 Siemens IEC 61850 system configurator 4.0 Siemens DIGSI 5 7.0 Siemens DIGSI 4 4.92
Not Vulnerable:	Siemens SICAM SCC 9.02 HF3 Siemens SICAM PQS 8.11 Siemens SICAM PQ Analyzer 3.11 Siemens SICAM PAS 8.11 Siemens IEC 61850 system configurator 5.80 Siemens DIGSI 5 7.80 Siemens DIGSI 4 4.93

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability

Siemens multiple products are prone to an access-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

The following products are affected:

IEC 61850 system configurator all versions prior to 5.80
DIGSI 5 (affected as IEC 61850 system configurator is incorporated) versions prior to 7.80
DIGSI 4 versions prior to 4.93
SICAM PAS/PQS versions prior to 8.11
SICAM PQ Analyzer versions prior to 3.11, and
SICAM SCC versions prior to v9.02 HF3

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability

References:

• Siemens Homepage (Siemens)
  
• ICSA-18-317-01: Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM P (CERT)