CVE-2018-10630

EUVD-2018-2702
For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
crestrontsw-x60_firmware
𝑥
< 2.001.0037.001
crestronmc3_firmware
𝑥
< 1.502.0047.001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105051
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
http://www.securityfocus.com/bid/105051
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01