Vulnerability Description
For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Crestron | Tsw-X60 Firmware | < 2.001.0037.001 |
| Crestron | Tsw-1060-B-S | - |
| Crestron | Tsw-1060-Nc-B-S | - |
| Crestron | Tsw-1060-Nc-W-S | - |
| Crestron | Tsw-1060-W-S | - |
| Crestron | Tsw-560-B-S | - |
| Crestron | Tsw-560-Nc-B-S | - |
| Crestron | Tsw-560-Nc-W-S | - |
| Crestron | Tsw-560-W-S | - |
| Crestron | Tsw-760-B-S | - |
| Crestron | Tsw-760-Nc-B-S | - |
| Crestron | Tsw-760-Nc-W-S | - |
| Crestron | Tsw-760-W-S | - |
| Crestron | Mc3 Firmware | < 1.502.0047.001 |
| Crestron | Mc3 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105051Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01PatchThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/105051Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10630?
CVE-2018-10630 is a vulnerability with a CVSS score of 9.8 (CRITICAL). For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need t...
How severe is CVE-2018-10630?
CVE-2018-10630 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-10630?
Check the references section above for vendor advisories and patch information. Affected products include: Crestron Tsw-X60 Firmware, Crestron Tsw-1060-B-S, Crestron Tsw-1060-Nc-B-S, Crestron Tsw-1060-Nc-W-S, Crestron Tsw-1060-W-S.