Vulnerability Description
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Martem | Telem-Gwm Firmware | <= 2018.04.18-linux_4-01-601cb47 |
| Martem | Telem-Gwm | - |
| Martem | Telem-Gw6 Firmware | <= 2018.04.18-linux_4-01-601cb47 |
| Martem | Telem-Gw6 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104286Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/104286Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10603?
CVE-2018-10603 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the i...
How severe is CVE-2018-10603?
CVE-2018-10603 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-10603?
Check the references section above for vendor advisories and patch information. Affected products include: Martem Telem-Gwm Firmware, Martem Telem-Gwm, Martem Telem-Gw6 Firmware, Martem Telem-Gw6.