For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105051 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 | Patch Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2018-08-10 19:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-10630
Mitre link : CVE-2018-10630
CVE.ORG link : CVE-2018-10630
JSON object : View
Products Affected
crestron
- tsw-1060-w-s
- tsw-1060-b-s
- tsw-1060-nc-w-s
- mc3_firmware
- tsw-760-b-s
- tsw-560-nc-b-s
- tsw-x60_firmware
- tsw-1060-nc-b-s
- mc3
- tsw-560-nc-w-s
- tsw-760-w-s
- tsw-760-nc-w-s
- tsw-760-nc-b-s
- tsw-560-w-s
- tsw-560-b-s