Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-3989 (GCVE-0-2018-3989)
Vulnerability from cvelistv5 – Published: 2019-02-05 22:00 – Updated: 2024-08-05 04:57
VLAI?
EPSS
Summary
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Severity ?
4.3 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:07:37",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3989",
"datePublished": "2019-02-05T22:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T04:57:24.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DAB4985-4CF4-42FF-B85C-362E56310075\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de exposici\\u00f3n de memoria del kernel explotable en la funcionalidad del gestor IOCTL 0x8200E804 de WibuKey.sys de WIBI-SYSTEMS, en su versi\\u00f3n 6.40 (en el build 2400). Una petici\\u00f3n IRP especialmente manipulada puede causar que el controlador devuelva memoria no inicializada, conduciendo a una exposici\\u00f3n de la memoria del kernel. Un atacante puede enviar una petici\\u00f3n IRP para provocar esta vulnerabilidad.\"}]",
"id": "CVE-2018-3989",
"lastModified": "2024-11-21T04:06:26.763",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-02-05T23:29:00.310",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/107005\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-3989\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2019-02-05T23:29:00.310\",\"lastModified\":\"2024-11-21T04:06:26.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de exposici\u00f3n de memoria del kernel explotable en la funcionalidad del gestor IOCTL 0x8200E804 de WibuKey.sys de WIBI-SYSTEMS, en su versi\u00f3n 6.40 (en el build 2400). Una petici\u00f3n IRP especialmente manipulada puede causar que el controlador devuelva memoria no inicializada, conduciendo a una exposici\u00f3n de la memoria del kernel. Un atacante puede enviar una petici\u00f3n IRP para provocar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DAB4985-4CF4-42FF-B85C-362E56310075\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107005\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
GHSA-R77M-FR9V-2JVR
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI?
Details
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-3989"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-05T23:29:00Z",
"severity": "MODERATE"
},
"details": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
"id": "GHSA-r77m-fr9v-2jvr",
"modified": "2022-05-13T01:01:47Z",
"published": "2022-05-13T01:01:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3989"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
CERTFR-2019-AVI-078
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Siemens WinCC OA. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50 | ||
| Siemens | N/A | SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50 | ||
| Siemens | N/A | SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
},
{
"name": "CVE-2018-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
},
{
"name": "CVE-2018-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Siemens WinCC OA.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans Siemens WinCC OA",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844562 du 25 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
}
]
}
CERTFR-2019-AVI-078
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Siemens WinCC OA. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50 | ||
| Siemens | N/A | SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50 | ||
| Siemens | N/A | SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
},
{
"name": "CVE-2018-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
},
{
"name": "CVE-2018-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Siemens WinCC OA.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans Siemens WinCC OA",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844562 du 25 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
}
]
}
CERTFR-2019-AVI-207
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC HMI Comfort Panels 4" - 22" versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SISHIP IPMS | ||
| Siemens | N/A | SIMATIC PCS 7 | ||
| Siemens | N/A | LOGO! Soft Comfort | ||
| Siemens | N/A | LOGO!8 BM | ||
| Siemens | N/A | SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd3 | ||
| Siemens | N/A | SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel) | ||
| Siemens | N/A | SINAMICS PERFECT HARMONY GH180 | ||
| Siemens | N/A | SISHIP IMAC | ||
| Siemens | N/A | SISHIP EMCS | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SCALANCE W1750D versions antérieures à V8.4.0.1 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional versions antérieures à V15.1 Update 1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels 4\" - 22\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP IPMS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! Soft Comfort",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO!8 BM",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS PERFECT HARMONY GH180",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP IMAC",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP EMCS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1750D versions ant\u00e9rieures \u00e0 V8.4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7083",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7083"
},
{
"name": "CVE-2019-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10919"
},
{
"name": "CVE-2019-10920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10920"
},
{
"name": "CVE-2019-6572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6572"
},
{
"name": "CVE-2018-16417",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16417"
},
{
"name": "CVE-2018-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
},
{
"name": "CVE-2019-10916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10916"
},
{
"name": "CVE-2018-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
},
{
"name": "CVE-2018-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
},
{
"name": "CVE-2019-10922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10922"
},
{
"name": "CVE-2019-10921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10921"
},
{
"name": "CVE-2019-10924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10924"
},
{
"name": "CVE-2019-10918",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10918"
},
{
"name": "CVE-2019-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10917"
},
{
"name": "CVE-2018-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7064"
},
{
"name": "CVE-2019-6578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6578"
},
{
"name": "CVE-2018-7084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7084"
},
{
"name": "CVE-2019-6576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6576"
},
{
"name": "CVE-2019-6577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6577"
},
{
"name": "CVE-2019-6574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6574"
},
{
"name": "CVE-2018-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7082"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-207",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-14T00:00:00.000000"
},
{
"description": "Ajout de SCADA dans le titre.",
"revision_date": "2019-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705517 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-865156 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-902727 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-606525 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-549547 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-697412 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102144 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
}
]
}
CERTFR-2019-AVI-207
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC HMI Comfort Panels 4" - 22" versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SISHIP IPMS | ||
| Siemens | N/A | SIMATIC PCS 7 | ||
| Siemens | N/A | LOGO! Soft Comfort | ||
| Siemens | N/A | LOGO!8 BM | ||
| Siemens | N/A | SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd3 | ||
| Siemens | N/A | SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel) | ||
| Siemens | N/A | SINAMICS PERFECT HARMONY GH180 | ||
| Siemens | N/A | SISHIP IMAC | ||
| Siemens | N/A | SISHIP EMCS | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SCALANCE W1750D versions antérieures à V8.4.0.1 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional versions antérieures à V15.1 Update 1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels 4\" - 22\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP IPMS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! Soft Comfort",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO!8 BM",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS PERFECT HARMONY GH180",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP IMAC",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP EMCS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1750D versions ant\u00e9rieures \u00e0 V8.4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7083",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7083"
},
{
"name": "CVE-2019-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10919"
},
{
"name": "CVE-2019-10920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10920"
},
{
"name": "CVE-2019-6572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6572"
},
{
"name": "CVE-2018-16417",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16417"
},
{
"name": "CVE-2018-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
},
{
"name": "CVE-2019-10916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10916"
},
{
"name": "CVE-2018-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
},
{
"name": "CVE-2018-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
},
{
"name": "CVE-2019-10922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10922"
},
{
"name": "CVE-2019-10921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10921"
},
{
"name": "CVE-2019-10924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10924"
},
{
"name": "CVE-2019-10918",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10918"
},
{
"name": "CVE-2019-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10917"
},
{
"name": "CVE-2018-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7064"
},
{
"name": "CVE-2019-6578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6578"
},
{
"name": "CVE-2018-7084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7084"
},
{
"name": "CVE-2019-6576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6576"
},
{
"name": "CVE-2019-6577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6577"
},
{
"name": "CVE-2019-6574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6574"
},
{
"name": "CVE-2018-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7082"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-207",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-14T00:00:00.000000"
},
{
"description": "Ajout de SCADA dans le titre.",
"revision_date": "2019-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705517 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-865156 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-902727 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-606525 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-549547 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-697412 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102144 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
}
]
}
CERTFR-2019-AVI-052
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC FieldPG M5 versions antérieures à V22.01.06 | ||
| Siemens | N/A | SIMATIC IPC547E versions antérieures à R1.30.0 | ||
| Siemens | N/A | relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.82 | ||
| Siemens | N/A | SIMATIC IPC827D versions antérieures à V19.02.11 | ||
| Siemens | N/A | SIMATIC ITC1900 V3 PRO versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC ITP1000 versions antérieures à V23.01.04 | ||
| Siemens | N/A | SIMATIC IPC847D versions antérieures à V19.01.14 | ||
| Siemens | N/A | SICAM 230 versions antérieures à V7.20 avec WibuKey Digital Rights Management (DRM) versions antérieures à 6.5 | ||
| Siemens | N/A | relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.58 | ||
| Siemens | N/A | Firmware variant IEC 61850 pour module ethernet EN100 versions antérieures à V4.35 | ||
| Siemens | N/A | SIMATIC ITC1500 V3 PRO versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC IPC547G versions antérieures à R1.23.0 | ||
| Siemens | N/A | SIMATIC IPC477E versions antérieures à V21.01.09 | ||
| Siemens | N/A | SIMATIC ITC2200 V3 PRO versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC IPC677D versions antérieures à V19.02.11 | ||
| Siemens | N/A | SIMATIC ITC2200 V3 versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC IPC627D versions antérieures à V19.02.11 | ||
| Siemens | N/A | SIMATIC IPC427E versions antérieures à V21.01.09 | ||
| Siemens | N/A | SIMATIC IPC647D versions antérieures à V19.01.14 | ||
| Siemens | N/A | SIMATIC ITC1500 V3 versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC ITC1900 V3 versions antérieures à V3.1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC FieldPG M5 versions ant\u00e9rieures \u00e0 V22.01.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC547E versions ant\u00e9rieures \u00e0 R1.30.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.82",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC827D versions ant\u00e9rieures \u00e0 V19.02.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITP1000 versions ant\u00e9rieures \u00e0 V23.01.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC847D versions ant\u00e9rieures \u00e0 V19.01.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM 230 versions ant\u00e9rieures \u00e0 V7.20 avec WibuKey Digital Rights Management (DRM) versions ant\u00e9rieures \u00e0 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.58",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Firmware variant IEC 61850 pour module ethernet EN100 versions ant\u00e9rieures \u00e0 V4.35",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC547G versions ant\u00e9rieures \u00e0 R1.23.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC477E versions ant\u00e9rieures \u00e0 V21.01.09",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC677D versions ant\u00e9rieures \u00e0 V19.02.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC627D versions ant\u00e9rieures \u00e0 V19.02.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427E versions ant\u00e9rieures \u00e0 V21.01.09",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC647D versions ant\u00e9rieures \u00e0 V19.01.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16563",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16563"
},
{
"name": "CVE-2018-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
},
{
"name": "CVE-2018-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
},
{
"name": "CVE-2018-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
},
{
"name": "CVE-2018-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2018-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
},
{
"name": "CVE-2018-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-052",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-505225 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-760124 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-104088 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
}
]
}
CERTFR-2019-AVI-052
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC FieldPG M5 versions antérieures à V22.01.06 | ||
| Siemens | N/A | SIMATIC IPC547E versions antérieures à R1.30.0 | ||
| Siemens | N/A | relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.82 | ||
| Siemens | N/A | SIMATIC IPC827D versions antérieures à V19.02.11 | ||
| Siemens | N/A | SIMATIC ITC1900 V3 PRO versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC ITP1000 versions antérieures à V23.01.04 | ||
| Siemens | N/A | SIMATIC IPC847D versions antérieures à V19.01.14 | ||
| Siemens | N/A | SICAM 230 versions antérieures à V7.20 avec WibuKey Digital Rights Management (DRM) versions antérieures à 6.5 | ||
| Siemens | N/A | relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.58 | ||
| Siemens | N/A | Firmware variant IEC 61850 pour module ethernet EN100 versions antérieures à V4.35 | ||
| Siemens | N/A | SIMATIC ITC1500 V3 PRO versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC IPC547G versions antérieures à R1.23.0 | ||
| Siemens | N/A | SIMATIC IPC477E versions antérieures à V21.01.09 | ||
| Siemens | N/A | SIMATIC ITC2200 V3 PRO versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC IPC677D versions antérieures à V19.02.11 | ||
| Siemens | N/A | SIMATIC ITC2200 V3 versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC IPC627D versions antérieures à V19.02.11 | ||
| Siemens | N/A | SIMATIC IPC427E versions antérieures à V21.01.09 | ||
| Siemens | N/A | SIMATIC IPC647D versions antérieures à V19.01.14 | ||
| Siemens | N/A | SIMATIC ITC1500 V3 versions antérieures à V3.1 | ||
| Siemens | N/A | SIMATIC ITC1900 V3 versions antérieures à V3.1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC FieldPG M5 versions ant\u00e9rieures \u00e0 V22.01.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC547E versions ant\u00e9rieures \u00e0 R1.30.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.82",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC827D versions ant\u00e9rieures \u00e0 V19.02.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITP1000 versions ant\u00e9rieures \u00e0 V23.01.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC847D versions ant\u00e9rieures \u00e0 V19.01.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM 230 versions ant\u00e9rieures \u00e0 V7.20 avec WibuKey Digital Rights Management (DRM) versions ant\u00e9rieures \u00e0 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.58",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Firmware variant IEC 61850 pour module ethernet EN100 versions ant\u00e9rieures \u00e0 V4.35",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC547G versions ant\u00e9rieures \u00e0 R1.23.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC477E versions ant\u00e9rieures \u00e0 V21.01.09",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC677D versions ant\u00e9rieures \u00e0 V19.02.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC627D versions ant\u00e9rieures \u00e0 V19.02.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427E versions ant\u00e9rieures \u00e0 V21.01.09",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC647D versions ant\u00e9rieures \u00e0 V19.01.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-16563",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16563"
},
{
"name": "CVE-2018-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
},
{
"name": "CVE-2018-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
},
{
"name": "CVE-2018-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
},
{
"name": "CVE-2018-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2018-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
},
{
"name": "CVE-2018-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-052",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-505225 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-760124 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-104088 du 12 f\u00e9vrier 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
}
]
}
ICSA-19-043-03
Vulnerability from csaf_cisa - Published: 2019-02-12 00:00 - Updated: 2019-05-14 00:00Summary
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.
Critical infrastructure sectors
Commercial Facilities, Communications, Critical Manufacturing, Energy, Financial Services, Healthcare and Public Health, Transportation Systems
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Recommended Practices
NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities, Communications, Critical Manufacturing, Energy, Financial Services, Healthcare and Public Health, Transportation Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-043-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-043-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-043-03 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-043-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-043-03"
}
],
"title": "WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)",
"tracking": {
"current_release_date": "2019-05-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-043-03",
"initial_release_date": "2019-02-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-02-12T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-043-03 Siemens Licensing Software for SICAM 230"
},
{
"date": "2019-02-14T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-19-043-03 Siemens Licensing Software for SICAM 230 (Update A)"
},
{
"date": "2019-03-12T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-19-043-03 WIBU-SYSTEMS AG WibuKey Digital Rights Management (Update B)"
},
{
"date": "2019-04-09T00:00:00.000000Z",
"legacy_version": "C",
"number": "4",
"summary": "ICSA-19-043-03 WIBU SYSTEMS AG WibuKey Digital Rights Management (Update C)"
},
{
"date": "2019-05-14T00:00:00.000000Z",
"legacy_version": "D",
"number": "5",
"summary": "ICSA-19-043-03 WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 7.20",
"product": {
"name": "Siemens SICAM 230: All Versions 7.20 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Siemens SICAM 230"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c P007",
"product": {
"name": "3.16: All versions prior to vP007",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Siemens SIMATIC WinCC OA 3.16"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Siemens SISHIP EMCS IMAC IPMS: All versions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Siemens SISHIP EMCS IMAC IPMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product": {
"name": "Sprecher Automation SPRECON-V460 products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Sprecher Automation SPRECON-V460 products"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 9.2",
"product": {
"name": "COPA-DATA straton workbench: All Versions 9.2 and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "COPA-DATA straton workbench"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.14.25 | 3.15.18",
"product": {
"name": "Phoenix Contact MEVIEW3: All versions prior to 3.14.25 and 3.15.18",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Phoenix Contact MEVIEW3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c P025",
"product": {
"name": "3.14: All versions prior to vP025",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Siemens SIMATIC WinCC OA 3.14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c P018",
"product": {
"name": "3.15: All versions prior to vP018",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Siemens SIMATIC WinCC OA 3.15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product": {
"name": "COPA-DATA zenon products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "COPA-DATA zenon products"
}
],
"category": "vendor",
"name": "WIBU-SYSTEMS AG"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3989",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A specially crafted IRP (I/O request packet) can cause the driver to return uninitialized memory, which may result in kernel memory disclosure.CVE-2018-3989 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3989"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Updated Wibu Systems Software can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "https://www.wibu.com/support/user/downloads-user-software.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.wibu.com/support/user/downloads-user-software.html"
},
{
"category": "vendor_fix",
"details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"category": "vendor_fix",
"details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
},
{
"category": "vendor_fix",
"details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
},
{
"category": "vendor_fix",
"details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.phoenixcontact.com/psirt",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
},
{
"category": "vendor_fix",
"details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2018-3990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A specially crafted IRP (I/O request packet) can cause a buffer overflow resulting in kernel memory corruption, which may allow privilege escalation.CVE-2018-3990 has been assigned to this vulnerability. A CVSS v3 base score of 9.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3990"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Updated Wibu Systems Software can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "https://www.wibu.com/support/user/downloads-user-software.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.wibu.com/support/user/downloads-user-software.html"
},
{
"category": "vendor_fix",
"details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"category": "vendor_fix",
"details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
},
{
"category": "vendor_fix",
"details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
},
{
"category": "vendor_fix",
"details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.phoenixcontact.com/psirt",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
},
{
"category": "vendor_fix",
"details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2018-3991",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A specially crafted TCP packet sent to Port 22347/TCP can cause a heap overflow, which may lead to remote code execution.CVE-2018-3991 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3991"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Updated Wibu Systems Software can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "https://www.wibu.com/support/user/downloads-user-software.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.wibu.com/support/user/downloads-user-software.html"
},
{
"category": "vendor_fix",
"details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"category": "vendor_fix",
"details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
},
{
"category": "vendor_fix",
"details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
},
{
"category": "vendor_fix",
"details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.phoenixcontact.com/psirt",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
},
{
"category": "vendor_fix",
"details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
}
]
}
CNVD-2019-05263
Vulnerability from cnvd - Published: 2019-02-26
VLAI Severity ?
Title
WIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL内核信息泄露漏洞
Description
Wibu-Systems WibuKey是德国威步(Wibu-Systems)公司的一套数字版权管理(DRM)系统。
WIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL处理存在安全漏洞,允许本地攻击者利用漏洞提交特殊的请求,获取内核内存信息泄露。
Severity
低
Patch Name
WIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL内核信息泄露漏洞的补丁
Patch Description
Wibu-Systems WibuKey是德国威步(Wibu-Systems)公司的一套数字版权管理(DRM)系统。
WIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL处理存在安全漏洞,允许本地攻击者利用漏洞提交特殊的请求,获取内核内存信息泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657
Reference
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657
Impacted products
| Name | Wibu-Systems WibuKey.sys Version 6.40 (Build 2400) |
|---|
{
"bids": {
"bid": {
"bidNumber": "107005"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-3989"
}
},
"description": "Wibu-Systems WibuKey\u662f\u5fb7\u56fd\u5a01\u6b65\uff08Wibu-Systems\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u5b57\u7248\u6743\u7ba1\u7406\uff08DRM\uff09\u7cfb\u7edf\u3002\n\nWIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u83b7\u53d6\u5185\u6838\u5185\u5b58\u4fe1\u606f\u6cc4\u9732\u3002",
"discovererName": "Wibu-Systems",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-05263",
"openTime": "2019-02-26",
"patchDescription": "Wibu-Systems WibuKey\u662f\u5fb7\u56fd\u5a01\u6b65\uff08Wibu-Systems\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u5b57\u7248\u6743\u7ba1\u7406\uff08DRM\uff09\u7cfb\u7edf\u3002\r\n\r\nWIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL\u5904\u7406\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u83b7\u53d6\u5185\u6838\u5185\u5b58\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "WIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL\u5185\u6838\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Wibu-Systems WibuKey.sys Version 6.40 (Build 2400)"
},
"referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"serverity": "\u4f4e",
"submitTime": "2019-02-12",
"title": "WIBU-SYSTEMS WibuKey.sys 0x8200E804 IOCTL\u5185\u6838\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
VAR-201902-0658
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains an information disclosure vulnerability.Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0658",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wibukey",
"scope": "eq",
"trust": 1.0,
"vendor": "wibu",
"version": "6.40"
},
{
"model": "wibukey",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.40 (build 2400)"
},
{
"model": "ag wibukey",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "0"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2307.20"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2300"
},
{
"model": "ag wibukey",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": "6.50"
}
],
"sources": [
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.,Siemens and BSI Germany reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-3989",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-3989",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3989",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3989",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-864",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-3989",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains an information disclosure vulnerability.Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. \nWibuKey versions prior to 6.50 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "VULMON",
"id": "CVE-2018-3989"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3989",
"trust": 2.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0657",
"trust": 2.5
},
{
"db": "BID",
"id": "107005",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-03",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-844562",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-902727",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-760124",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0445.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-3989",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"id": "VAR-201902-0658",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5969863
},
"last_update_date": "2023-12-18T12:28:31.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WibuKey",
"trust": 0.8,
"url": "https://www.wibu.com/products/wibukey.html"
},
{
"title": "Wibu-Systems WibuKey Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88048"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=94e0234dc40d4012c749057122b199d5"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=65c9c9afcea0dc3f263138e8aeec5fa0"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=cb657546b0a1dbe8012ab3dbcfb9d8a6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/107005"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0657"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3989"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/"
},
{
"trust": 0.9,
"url": "https://www.wibu.com/products.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3989"
},
{
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75498"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"date": "2019-02-05T23:29:00.310000",
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"date": "2022-04-19T18:15:37.227000",
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WIBU-SYSTEMS WibuKey.sys Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
}
}
GSD-2018-3989
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-3989",
"description": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
"id": "GSD-2018-3989"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-3989"
],
"details": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
"id": "GSD-2018-3989",
"modified": "2023-12-13T01:22:43.129499Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3989"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "107005",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-19T18:15Z",
"publishedDate": "2019-02-05T23:29Z"
}
}
}
FKIE_CVE-2018-3989
Vulnerability from fkie_nvd - Published: 2019-02-05 23:29 - Updated: 2024-11-21 04:06
Severity ?
4.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "3DAB4985-4CF4-42FF-B85C-362E56310075",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de exposici\u00f3n de memoria del kernel explotable en la funcionalidad del gestor IOCTL 0x8200E804 de WibuKey.sys de WIBI-SYSTEMS, en su versi\u00f3n 6.40 (en el build 2400). Una petici\u00f3n IRP especialmente manipulada puede causar que el controlador devuelva memoria no inicializada, conduciendo a una exposici\u00f3n de la memoria del kernel. Un atacante puede enviar una petici\u00f3n IRP para provocar esta vulnerabilidad."
}
],
"id": "CVE-2018-3989",
"lastModified": "2024-11-21T04:06:26.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "talos-cna@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-05T23:29:00.310",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"source": "talos-cna@cisco.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…