CVE-2018-10630

moderate-risk
Published 2018-08-10

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.

Do I need to act?

~
2.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Tsw-X60 Firmware
Mc3 Firmware

Affected Vendors

Crestron

References (4)

Third Party Advisory http://www.securityfocus.com/bid/105051
Patch https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
Third Party Advisory http://www.securityfocus.com/bid/105051
Patch https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
44
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 5/34 · Minimal
Exposure 7/34 · Low