CVE-2018-4834

CVE: CVE-2018-4834
Published: 2018-01-24T16:29Z
Description Language: en
Description: A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
References:
http://www.securityfocus.com/bid/102850
https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf