CVE-2018-10630

Published Aug 10, 2018

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-287
ics-cert@hq.dhs.gov: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:crestron:tsw-x60_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0C26C6C-4F6D-4084-AA36-CDBBF5B182F0",
            "versionEndExcluding": "2.001.0037.001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:crestron:tsw-1060-b-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5B827C62-5712-4511-8506-74B925DA053B"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-1060-nc-b-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D41EF7B1-8F7A-4F66-B9B1-90405F507FE8"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-1060-nc-w-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "28A41D87-44CE-452D-A696-5DFCAEFF3D4C"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-1060-w-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BCAC6D4C-51C5-4687-B9F5-8B3FD9F4503E"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-560-b-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A7B4BBE9-C4D1-42C1-AD23-3F47D2E7BCD4"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-560-nc-b-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "621667FD-7FC9-4606-857B-2423EAEF613A"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-560-nc-w-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "30C58417-CA62-4E68-8421-A968406F4797"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-560-w-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A888FB2-6F71-4D45-9E03-505DAD49909A"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-760-b-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "01970CD6-3FE7-42BF-A2BB-358692F8B787"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-760-nc-b-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "507A0431-6EB0-4535-AD17-97C09542AB6E"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-760-nc-w-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B084CEC7-E1B0-44F1-AAAB-CEC86EA767AF"
          },
          {
            "criteria": "cpe:2.3:h:crestron:tsw-760-w-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5FBE392B-4A2B-4B7E-9F1D-6E55FCE0146C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:crestron:mc3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B16FD3DA-6249-4252-A76A-E3BDDD37E849",
            "versionEndExcluding": "1.502.0047.001"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:crestron:mc3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3E648452-F573-478D-9A32-1D76534926D4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References