30 March 2018

Critical vulnerability closed in TIM 1531 IRC modules

US ICS-CERT has published an advisory on a vulnerability in Siemens TIM 1531 IRC communication modules. Successful exploitation of the vulnerability could enable an unauthorized remote attacker to manipulate data and settings on the affected device and could cause the device to enter a denial-of-service condition.

The vulnerability, which was assigned the ID CVE-2018-4841, is rated as critical (CVSS v.3 base score of 9.8).

Siemens recommends that users of all TIM 1531 IRC modules with firmware versions earlier than v1.1 should install the latest firmware update, which closes the vulnerability, as soon as possible.

Until the firmware update has been installed, users should restrict access to ports 80/tcp and 443 /tcp in their network infrastructure to reduce the risk of the vulnerability being exploited.

Sources: ICS-CERT, Siemens