Vulnerability Description
A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Pxc12\/22\/36-E.D Firmware | < 6.00.204 |
| Siemens | Pxc12\/22\/36-E.D | - |
| Siemens | Pxc00\/50\/100\/200-E.D Firmware | < 6.00.204 |
| Siemens | Pxc00\/50\/100\/200-E.D | - |
| Siemens | Pxc00\/64\/128-U Firmware | < 6.00.204 |
| Siemens | Pxc00\/64\/128-U | - |
| Siemens | Pxc001-E.D Firmware | < 6.00.204 |
| Siemens | Pxc001-E.D | - |
| Siemens | Pxm20-E Firmware | < 6.00.204 |
| Siemens | Pxm20-E | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf
FAQ
What is CVE-2018-4834?
CVE-2018-4834 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC...
How severe is CVE-2018-4834?
CVE-2018-4834 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-4834?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Pxc12\/22\/36-E.D Firmware, Siemens Pxc12\/22\/36-E.D, Siemens Pxc00\/50\/100\/200-E.D Firmware, Siemens Pxc00\/50\/100\/200-E.D, Siemens Pxc00\/64\/128-U Firmware.