
Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary:
This story from securityaffairs.co reports that Siemens has fixed three security holes in its plant management product, the Siemens TeleControl Basic system. The system is used in water treatment facilities, traffic monitoring systems, and energy distribution plants. The TeleControl Basic control center runs the TeleControl Server Basic software. The Siemens TeleControl Basic system enables organizations to monitor and control the operation of industrial processes and municipal facilities in industrial environments.
Siemens TeleControl Basic
The TeleControl Server Basic system is affected by three vulnerabilities. An attacker can exploit them to perform different types of attacks, including privilege escalation, authentication bypass, and denial of service (DoS).
“The latest update to TeleControl Server Basic addresses three vulnerabilities, one of which could allow an authenticated attacker who accesses over the network to upgrade their rights and perform administrative actions,” the security advisory issued by Siemens AG states. “Siemens recommends updating to the new version.”
This is the first time Siemens and ICS-CERT have released security advisories for vulnerabilities affecting TeleControl products.
These flaws affect TeleControl Server Basic versions prior to V3.1. The most serious of them is tracked as CVE-2018-4836 and rated high severity.
The vulnerabilities and their descriptions are listed below:
Vulnerability – CVE-2018-4835 [CVSS v3.0 Base Score 5.3] – An attacker with network access to TeleControl Server Basic’s port 8000/tcp can bypass the authentication mechanism and access limited information.
Vulnerability – CVE-2018-4836 [CVSS v3.0 Base Score 8.8] – Port 8000/tcp of TeleControl Server Basic may be exploited by an authentication-less attacker to elevate privileges and perform management operations.
Vulnerability – CVE-2018-4837 [CVSS v3.0 Base Score 5.3] – An attacker who accesses TeleControl Server Basic’s web server (port 80/tcp or 443/tcp) can exploit this vulnerability on the web server.
Siemens also offers a number of mitigations to reduce the risk of attack, including blocking TCP port 8000 via Windows Firewall for CVE-2018-4835 and CVE-2018-4836, and blocking ports 80 and 443 for CVE-2018-4837.
The United States ICS-CERT also released a detailed advisory on the Siemens TeleControl Basic vulnerabilities.
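The firewall mitigations described above can be applied and checked with the built-in NetSecurity cmdlets. The script below is an added example, not taken from the Siemens advisory or the original post; the rule names and the "TCSB mitigation" prefix are constructed for illustration, and it assumes the server runs Windows Firewall with no other product managing the policy.

```powershell
#Requires -RunAsAdministrator
# Added example: interim Windows Firewall block rules for the ports named
# in the mitigations above. Rule names are constructed, not Siemens'.

# Port-to-CVE mapping exactly as listed in the article.
$mitigations = @(
    @{ Ports = @('8000');      Cves = 'CVE-2018-4835, CVE-2018-4836' },
    @{ Ports = @('80', '443'); Cves = 'CVE-2018-4837' }
)

foreach ($m in $mitigations) {
    $name = "TCSB mitigation - block TCP $($m.Ports -join ',')"

    # Idempotent: skip creation if the rule already exists.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        # Block rules take precedence over allow rules in Windows Firewall,
        # so every remote client of these ports is cut off, including
        # legitimate ones. Plan the change accordingly.
        New-NetFirewallRule -DisplayName $name `
            -Description "Interim mitigation for $($m.Cves) until upgrade to V3.1" `
            -Direction Inbound -Protocol TCP -LocalPort $m.Ports `
            -Action Block -Profile Any | Out-Null
    }
}

# Verify: list the rules with the ports they actually cover.
Get-NetFirewallRule -DisplayName 'TCSB mitigation*' | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Action    = $_.Action
        Protocol  = $filter.Protocol
        LocalPort = $filter.LocalPort -join ','
    }
} | Format-Table -AutoSize
```

To confirm the block from another host on the same network, `Test-NetConnection -ComputerName <server> -Port 8000` should report `TcpTestSucceeded : False`. Remove the rules once the server has been updated to V3.1 or later.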
The post Siemens fixed three flaws in plant management product Siemens TeleControl Basic system appeared first on Safe Harbor on Cyber.
