CVE-2018-11457
Vulnerability from cvelistv5
Published
2018-12-12 16:00
Modified
2024-08-05 08:10
Severity ?
Summary
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:10:14.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106185",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "SINUMERIK 828D V4.7 : All versions \u003c V4.7 SP6 HF1"
            },
            {
              "status": "affected",
              "version": "SINUMERIK 840D sl V4.7 : All versions \u003c V4.7 SP6 HF5"
            },
            {
              "status": "affected",
              "version": "SINUMERIK 840D sl V4.8 : All versions \u003c V4.8 SP3"
            }
          ]
        }
      ],
      "datePublic": "2018-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-14T10:57:02",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "106185",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-11457",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SINUMERIK 828D V4.7 : All versions \u003c V4.7 SP6 HF1"
                          },
                          {
                            "version_value": "SINUMERIK 840D sl V4.7 : All versions \u003c V4.7 SP6 HF5"
                          },
                          {
                            "version_value": "SINUMERIK 840D sl V4.8 : All versions \u003c V4.8 SP3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106185",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106185"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-11457",
    "datePublished": "2018-12-12T16:00:00",
    "dateReserved": "2018-05-25T00:00:00",
    "dateUpdated": "2024-08-05T08:10:14.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11457\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2018-12-12T16:29:00.247\",\"lastModified\":\"2019-10-09T23:33:32.667\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions \u003c V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions \u003c V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions \u003c V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SINUMERIK 828D V4.7 (todas las versiones anteriores a la V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (todas las versiones anteriores a la V4.7 SP6 HF5) y SINUMERIK 840D sl V4.8 (todas las versiones anteriores a la V4.8 SP3). El servidor web integrado en el puerto 4842/tcp de los productos afectados podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo con permisos privilegiados en el sistema mediante el env\u00edo de peticiones de web especialmente manipuladas al puerto 4842/tcp. N\u00f3tese que esta vulnerabilidad solo puede explotarse si el puerto 4842/tcp se abre manualmente en la configuraci\u00f3n de firewall del puerto de red X130. La vulnerabilidad de seguridad podr\u00eda ser explotada por atacantes con acceso de red a los sistemas afectados en el puerto 4842/tcp. Su explotaci\u00f3n con \u00e9xito no requiere privilegios de usuario ni interacci\u00f3n. Esta vulnerabilidad podr\u00eda permitir que un atacante comprometa la confidencialidad, integridad y disponibilidad del servidor web. En el momento de la publicaci\u00f3n del advisory, no se conoce ninguna explotaci\u00f3n p\u00fablica de la vulnerabilidad de seguridad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_828d_v4.7_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.7\",\"matchCriteriaId\":\"96A87A16-2670-4751-8B62-9C7ACE6BC705\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_828d_v4.7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F8425A-13F1-404C-9BF2-E9259BFE9BED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_840d_sl_v4.7_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.7\",\"matchCriteriaId\":\"061BC154-7411-4982-B9F8-9A1873099EC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_840d_sl_v4.7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"286E7189-4FBC-4FC4-A411-C2365794A96D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_840d_sl_v4.8_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.8\",\"matchCriteriaId\":\"C4E14591-E3AA-4177-814E-3FB4C8F15590\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_840d_sl_v4.8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F75930F-4085-4A41-BCB6-930ADB8F0C32\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106185\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.