cvelistv5 - cve-2018-3991

CVE-2018-3991 (GCVE-0-2018-3991)

Vulnerability from cvelistv5 – Published: 2019-02-05 22:00 – Updated: 2024-08-05 04:57

Summary

Severity ?

10 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Assigner

talos

References

URL

Tags

	http://www.securityfocus.com/bid/107005	vdb-entryx_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://talosintelligence.com/vulnerability_repor…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:57:24.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107005",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:07:39",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "107005",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-3991",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 10,
            "baseSeverity": null,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107005",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107005"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-3991",
    "datePublished": "2019-02-05T22:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T04:57:24.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7478DD89-FE09-48FB-BCE0-D8AAC0033306\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B761875D-6DFE-4FA1-8E2E-82C9E68592BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9830A70-1805-4FBB-9FB6-0E5649288F71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"001D349A-B990-4700-9B22-F0AB8E9901D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de desbordamiento de memoria din\\u00e1mica (heap) explotable en la funci\\u00f3n WkbProgramLow de WibuKey Network server management en su versi\\u00f3n 6.40.2402.500. Un paquete TCP especialmente manipulado puede provocar un desbordamiento de memoria din\\u00e1mica (heap), lo que podr\\u00eda dar lugar a la ejecuci\\u00f3n remota de c\\u00f3digo. Un atacante puede enviar un paquete TCP mal formado para provocar esta vulnerabilidad.\"}]",
      "id": "CVE-2018-3991",
      "lastModified": "2024-11-21T04:06:27.043",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-02-05T23:29:00.387",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/107005\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-3991\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2019-02-05T23:29:00.387\",\"lastModified\":\"2024-11-21T04:06:27.043\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de desbordamiento de memoria din\u00e1mica (heap) explotable en la funci\u00f3n WkbProgramLow de WibuKey Network server management en su versi\u00f3n 6.40.2402.500. Un paquete TCP especialmente manipulado puede provocar un desbordamiento de memoria din\u00e1mica (heap), lo que podr\u00eda dar lugar a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar un paquete TCP mal formado para provocar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7478DD89-FE09-48FB-BCE0-D8AAC0033306\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B761875D-6DFE-4FA1-8E2E-82C9E68592BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9830A70-1805-4FBB-9FB6-0E5649288F71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"001D349A-B990-4700-9B22-F0AB8E9901D2\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107005\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-05265

Vulnerability from cnvd - Published: 2019-02-26

Title

WibuKey Network server management WkbProgramLow堆溢出漏洞

Description

WIBU-KEY是一款软件保护和许可证管理系统。WibuKey Network server management是一款网络服务程序。 WibuKey Network server management WkbProgramLow函数存在堆溢出漏洞，允许远程攻击者利用漏洞提交特殊的TCP报文，可使应用程序崩溃或执行任意代码。

Severity

高

Patch Name

WibuKey Network server management WkbProgramLow堆溢出漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659

Impacted products

Name
Wibu-Systems WibuKey Network server management 6.40.2402.500

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "107005"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3991"
    }
  },
  "description": "WIBU-KEY\u662f\u4e00\u6b3e\u8f6f\u4ef6\u4fdd\u62a4\u548c\u8bb8\u53ef\u8bc1\u7ba1\u7406\u7cfb\u7edf\u3002WibuKey Network server management\u662f\u4e00\u6b3e\u7f51\u7edc\u670d\u52a1\u7a0b\u5e8f\u3002\n\nWibuKey Network server management WkbProgramLow\u51fd\u6570\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684TCP\u62a5\u6587\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Wibu-Systems",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0659",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-05265",
  "openTime": "2019-02-26",
  "patchDescription": "WIBU-KEY\u662f\u4e00\u6b3e\u8f6f\u4ef6\u4fdd\u62a4\u548c\u8bb8\u53ef\u8bc1\u7ba1\u7406\u7cfb\u7edf\u3002WibuKey Network server management\u662f\u4e00\u6b3e\u7f51\u7edc\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nWibuKey Network server management WkbProgramLow\u51fd\u6570\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684TCP\u62a5\u6587\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WibuKey Network server management WkbProgramLow\u5806\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Wibu-Systems WibuKey Network server management 6.40.2402.500"
  },
  "referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659",
  "serverity": "\u9ad8",
  "submitTime": "2019-02-12",
  "title": "WibuKey Network server management WkbProgramLow\u5806\u6ea2\u51fa\u6f0f\u6d1e"
}

VAR-201902-0660

Vulnerability from variot - Updated: 2023-12-18 12:28

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. WibuKey Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable. Network server management is one of the network server managers

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0660",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wibukey",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "wibu",
        "version": "6.40.2402.500"
      },
      {
        "model": "simatic wincc open architecture",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.15"
      },
      {
        "model": "simatic wincc open architecture",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.14"
      },
      {
        "model": "simatic wincc open architecture",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.16"
      },
      {
        "model": "simatic wincc open architecture",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ag wibukey",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wibu",
        "version": "0"
      },
      {
        "model": "sicam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2307.20"
      },
      {
        "model": "sicam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2300"
      },
      {
        "model": "ag wibukey",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "wibu",
        "version": "6.50"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.,Siemens and BSI Germany reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-3991",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-3991",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-134022",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-3991",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-3991",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2018-3991",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-866",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134022",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-3991",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. WibuKey Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. \nWibuKey versions prior to 6.50 are vulnerable. Network server management is one of the network server managers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "BID",
        "id": "107005"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3991"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-3991",
        "trust": 2.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0659",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "107005",
        "trust": 2.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-760124",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-844562",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-902727",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-043-03",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0445.2",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-134022",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3991",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3991"
      },
      {
        "db": "BID",
        "id": "107005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ]
  },
  "id": "VAR-201902-0660",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134022"
      }
    ],
    "trust": 0.6727987
  },
  "last_update_date": "2023-12-18T12:28:31.468000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-844562",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
      },
      {
        "title": "SSA-760124:",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
      },
      {
        "title": "WibuKey",
        "trust": 0.8,
        "url": "https://www.wibu.com/products/wibukey.html"
      },
      {
        "title": "Wibu-Systems WibuKey server management Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88046"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=94e0234dc40d4012c749057122b199d5"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=65c9c9afcea0dc3f263138e8aeec5fa0"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=cb657546b0a1dbe8012ab3dbcfb9d8a6"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/siemens-critical-remote-code-execution/141768/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-3991"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.securityfocus.com/bid/107005"
      },
      {
        "trust": 2.6,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0659"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3991"
      },
      {
        "trust": 0.9,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.9,
        "url": "https://www.wibu.com/products.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3991"
      },
      {
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75498"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/siemens-critical-remote-code-execution/141768/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3991"
      },
      {
        "db": "BID",
        "id": "107005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3991"
      },
      {
        "db": "BID",
        "id": "107005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "date": "2019-02-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-3991"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "107005"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "date": "2019-02-05T23:29:00.387000",
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "date": "2018-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134022"
      },
      {
        "date": "2022-04-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-3991"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "107005"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      },
      {
        "date": "2022-04-19T18:15:38.397000",
        "db": "NVD",
        "id": "CVE-2018-3991"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WibuKey Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014512"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-866"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2019-AVI-078

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Siemens WinCC OA. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50
Siemens	N/A	SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50
Siemens	N/A	SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-844562 du 25 février 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
    },
    {
      "name": "CVE-2018-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
    },
    {
      "name": "CVE-2018-3989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-078",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Siemens WinCC OA.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans Siemens WinCC OA",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844562 du 25 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
    }
  ]
}

CERTFR-2019-AVI-078

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50
Siemens	N/A	SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50
Siemens	N/A	SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) antérieure à 6.50

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-844562 du 25 février 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC WinCC OA version 3.16 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA version 3.14 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA version 3.15 avec une version de WibuKey Digital Rights Management(DRM) ant\u00e9rieure \u00e0 6.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
    },
    {
      "name": "CVE-2018-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
    },
    {
      "name": "CVE-2018-3989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-078",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Siemens WinCC OA.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans Siemens WinCC OA",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844562 du 25 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
    }
  ]
}

CERTFR-2019-AVI-207

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions antérieures à V15.1 Update 1
Siemens	N/A	SIMATIC HMI Comfort Panels 4" - 22" versions antérieures à V15.1 Update 1
Siemens	N/A	SIMATIC WinCC (TIA Portal) versions antérieures à V15.1 Update 1
Siemens	N/A	SISHIP IPMS
Siemens	N/A	SIMATIC PCS 7
Siemens	N/A	LOGO! Soft Comfort
Siemens	N/A	LOGO!8 BM
Siemens	N/A	SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions antérieures à V15.1 Update 1
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd3
Siemens	N/A	SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel)
Siemens	N/A	SINAMICS PERFECT HARMONY GH180
Siemens	N/A	SISHIP IMAC
Siemens	N/A	SISHIP EMCS
Siemens	N/A	SIMATIC WinCC Runtime Advanced versions antérieures à V15.1 Update 1
Siemens	N/A	SCALANCE W1750D versions antérieures à V8.4.0.1
Siemens	N/A	SIMATIC WinCC Runtime Professional versions antérieures à V15.1 Update 1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-705517 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-865156 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-902727 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-606525 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-549547 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-697412 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-804486 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-102144 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-542701 du 14 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Comfort Panels 4\" - 22\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SISHIP IPMS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! Soft Comfort",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO!8 BM",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS PERFECT HARMONY GH180",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SISHIP IMAC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SISHIP EMCS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D versions ant\u00e9rieures \u00e0 V8.4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7083"
    },
    {
      "name": "CVE-2019-10919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10919"
    },
    {
      "name": "CVE-2019-10920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10920"
    },
    {
      "name": "CVE-2019-6572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6572"
    },
    {
      "name": "CVE-2018-16417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16417"
    },
    {
      "name": "CVE-2018-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
    },
    {
      "name": "CVE-2019-10916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10916"
    },
    {
      "name": "CVE-2018-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
    },
    {
      "name": "CVE-2018-3989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
    },
    {
      "name": "CVE-2019-10922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10922"
    },
    {
      "name": "CVE-2019-10921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10921"
    },
    {
      "name": "CVE-2019-10924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10924"
    },
    {
      "name": "CVE-2019-10918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10918"
    },
    {
      "name": "CVE-2019-10917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10917"
    },
    {
      "name": "CVE-2018-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7064"
    },
    {
      "name": "CVE-2019-6578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6578"
    },
    {
      "name": "CVE-2018-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7084"
    },
    {
      "name": "CVE-2019-6576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6576"
    },
    {
      "name": "CVE-2019-6577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6577"
    },
    {
      "name": "CVE-2019-6574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6574"
    },
    {
      "name": "CVE-2018-7082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7082"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-207",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-14T00:00:00.000000"
    },
    {
      "description": "Ajout de SCADA dans le titre.",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705517 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-865156 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-902727 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-606525 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-549547 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-697412 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102144 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
    }
  ]
}

CERTFR-2019-AVI-207

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions antérieures à V15.1 Update 1
Siemens	N/A	SIMATIC HMI Comfort Panels 4" - 22" versions antérieures à V15.1 Update 1
Siemens	N/A	SIMATIC WinCC (TIA Portal) versions antérieures à V15.1 Update 1
Siemens	N/A	SISHIP IPMS
Siemens	N/A	SIMATIC PCS 7
Siemens	N/A	LOGO! Soft Comfort
Siemens	N/A	LOGO!8 BM
Siemens	N/A	SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions antérieures à V15.1 Update 1
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd3
Siemens	N/A	SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel)
Siemens	N/A	SINAMICS PERFECT HARMONY GH180
Siemens	N/A	SISHIP IMAC
Siemens	N/A	SISHIP EMCS
Siemens	N/A	SIMATIC WinCC Runtime Advanced versions antérieures à V15.1 Update 1
Siemens	N/A	SCALANCE W1750D versions antérieures à V8.4.0.1
Siemens	N/A	SIMATIC WinCC Runtime Professional versions antérieures à V15.1 Update 1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-705517 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-865156 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-902727 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-606525 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-549547 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-697412 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-804486 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-102144 du 14 mai 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-542701 du 14 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Comfort Panels 4\" - 22\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SISHIP IPMS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! Soft Comfort",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO!8 BM",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS PERFECT HARMONY GH180",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SISHIP IMAC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SISHIP EMCS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D versions ant\u00e9rieures \u00e0 V8.4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional versions ant\u00e9rieures \u00e0 V15.1 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7083"
    },
    {
      "name": "CVE-2019-10919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10919"
    },
    {
      "name": "CVE-2019-10920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10920"
    },
    {
      "name": "CVE-2019-6572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6572"
    },
    {
      "name": "CVE-2018-16417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16417"
    },
    {
      "name": "CVE-2018-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
    },
    {
      "name": "CVE-2019-10916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10916"
    },
    {
      "name": "CVE-2018-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
    },
    {
      "name": "CVE-2018-3989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
    },
    {
      "name": "CVE-2019-10922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10922"
    },
    {
      "name": "CVE-2019-10921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10921"
    },
    {
      "name": "CVE-2019-10924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10924"
    },
    {
      "name": "CVE-2019-10918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10918"
    },
    {
      "name": "CVE-2019-10917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10917"
    },
    {
      "name": "CVE-2018-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7064"
    },
    {
      "name": "CVE-2019-6578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6578"
    },
    {
      "name": "CVE-2018-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7084"
    },
    {
      "name": "CVE-2019-6576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6576"
    },
    {
      "name": "CVE-2019-6577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6577"
    },
    {
      "name": "CVE-2019-6574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6574"
    },
    {
      "name": "CVE-2018-7082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7082"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-207",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-14T00:00:00.000000"
    },
    {
      "description": "Ajout de SCADA dans le titre.",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705517 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-865156 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-902727 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-606525 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-549547 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-697412 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102144 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
    }
  ]
}

CERTFR-2019-AVI-052

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC FieldPG M5 versions antérieures à V22.01.06
Siemens	N/A	SIMATIC IPC547E versions antérieures à R1.30.0
Siemens	N/A	relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.82
Siemens	N/A	SIMATIC IPC827D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC ITC1900 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC ITP1000 versions antérieures à V23.01.04
Siemens	N/A	SIMATIC IPC847D versions antérieures à V19.01.14
Siemens	N/A	SICAM 230 versions antérieures à V7.20 avec WibuKey Digital Rights Management (DRM) versions antérieures à 6.5
Siemens	N/A	relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.58
Siemens	N/A	Firmware variant IEC 61850 pour module ethernet EN100 versions antérieures à V4.35
Siemens	N/A	SIMATIC ITC1500 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC547G versions antérieures à R1.23.0
Siemens	N/A	SIMATIC IPC477E versions antérieures à V21.01.09
Siemens	N/A	SIMATIC ITC2200 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC677D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC ITC2200 V3 versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC627D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC IPC427E versions antérieures à V21.01.09
Siemens	N/A	SIMATIC IPC647D versions antérieures à V19.01.14
Siemens	N/A	SIMATIC ITC1500 V3 versions antérieures à V3.1
Siemens	N/A	SIMATIC ITC1900 V3 versions antérieures à V3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-377318 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-505225 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-760124 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-104088 du 12 février 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC FieldPG M5 versions ant\u00e9rieures \u00e0 V22.01.06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547E versions ant\u00e9rieures \u00e0 R1.30.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.82",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC827D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000 versions ant\u00e9rieures \u00e0 V23.01.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847D versions ant\u00e9rieures \u00e0 V19.01.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM 230 versions ant\u00e9rieures \u00e0 V7.20 avec WibuKey Digital Rights Management (DRM) versions ant\u00e9rieures \u00e0 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.58",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Firmware variant IEC 61850 pour module ethernet EN100 versions ant\u00e9rieures \u00e0 V4.35",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547G versions ant\u00e9rieures \u00e0 R1.23.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E versions ant\u00e9rieures \u00e0 V21.01.09",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427E versions ant\u00e9rieures \u00e0 V21.01.09",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647D versions ant\u00e9rieures \u00e0 V19.01.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16563"
    },
    {
      "name": "CVE-2018-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
    },
    {
      "name": "CVE-2018-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
    },
    {
      "name": "CVE-2018-3989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
    },
    {
      "name": "CVE-2018-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2017-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
    },
    {
      "name": "CVE-2018-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
    },
    {
      "name": "CVE-2018-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-052",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-505225 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-760124 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-104088 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
    }
  ]
}

CERTFR-2019-AVI-052

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC FieldPG M5 versions antérieures à V22.01.06
Siemens	N/A	SIMATIC IPC547E versions antérieures à R1.30.0
Siemens	N/A	relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.82
Siemens	N/A	SIMATIC IPC827D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC ITC1900 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC ITP1000 versions antérieures à V23.01.04
Siemens	N/A	SIMATIC IPC847D versions antérieures à V19.01.14
Siemens	N/A	SICAM 230 versions antérieures à V7.20 avec WibuKey Digital Rights Management (DRM) versions antérieures à 6.5
Siemens	N/A	relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet listés sur le site du constructeur, versions antérieures à V7.58
Siemens	N/A	Firmware variant IEC 61850 pour module ethernet EN100 versions antérieures à V4.35
Siemens	N/A	SIMATIC ITC1500 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC547G versions antérieures à R1.23.0
Siemens	N/A	SIMATIC IPC477E versions antérieures à V21.01.09
Siemens	N/A	SIMATIC ITC2200 V3 PRO versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC677D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC ITC2200 V3 versions antérieures à V3.1
Siemens	N/A	SIMATIC IPC627D versions antérieures à V19.02.11
Siemens	N/A	SIMATIC IPC427E versions antérieures à V21.01.09
Siemens	N/A	SIMATIC IPC647D versions antérieures à V19.01.14
Siemens	N/A	SIMATIC ITC1500 V3 versions antérieures à V3.1
Siemens	N/A	SIMATIC ITC1900 V3 versions antérieures à V3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-377318 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-505225 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-760124 du 12 février 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-104088 du 12 février 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC FieldPG M5 versions ant\u00e9rieures \u00e0 V22.01.06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547E versions ant\u00e9rieures \u00e0 R1.30.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "relais SIPROTEC 5, avec des processeurs CP300 ou CP100 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.82",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC827D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000 versions ant\u00e9rieures \u00e0 V23.01.04",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847D versions ant\u00e9rieures \u00e0 V19.01.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM 230 versions ant\u00e9rieures \u00e0 V7.20 avec WibuKey Digital Rights Management (DRM) versions ant\u00e9rieures \u00e0 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "relais SIPROTEC 5, avec des processeurs CP200 et les modules de communication Ethernet list\u00e9s sur le site du constructeur, versions ant\u00e9rieures \u00e0 V7.58",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Firmware variant IEC 61850 pour module ethernet EN100 versions ant\u00e9rieures \u00e0 V4.35",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547G versions ant\u00e9rieures \u00e0 R1.23.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E versions ant\u00e9rieures \u00e0 V21.01.09",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627D versions ant\u00e9rieures \u00e0 V19.02.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427E versions ant\u00e9rieures \u00e0 V21.01.09",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647D versions ant\u00e9rieures \u00e0 V19.01.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16563"
    },
    {
      "name": "CVE-2018-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
    },
    {
      "name": "CVE-2018-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
    },
    {
      "name": "CVE-2018-3989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
    },
    {
      "name": "CVE-2018-3657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2017-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
    },
    {
      "name": "CVE-2018-3658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
    },
    {
      "name": "CVE-2018-3616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-052",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-377318 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-505225 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-760124 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-104088 du 12 f\u00e9vrier 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
    }
  ]
}

GSD-2018-3991

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-3991

Aliases

CVE-2018-3991

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-3991",
    "description": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.",
    "id": "GSD-2018-3991"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-3991"
      ],
      "details": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.",
      "id": "GSD-2018-3991",
      "modified": "2023-12-13T01:22:43.106759Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2018-3991",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 10.0,
          "baseSeverity": null,
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "107005",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107005"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
          },
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-3991"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
            },
            {
              "name": "107005",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/107005"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-19T18:15Z",
      "publishedDate": "2019-02-05T23:29Z"
    }
  }
}

ICSA-19-043-03

Vulnerability from csaf_cisa - Published: 2019-02-12 00:00 - Updated: 2019-05-14 00:00

Summary

WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.

Critical infrastructure sectors

Commercial Facilities, Communications, Critical Manufacturing, Energy, Financial Services, Healthcare and Public Health, Transportation Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Communications, Critical Manufacturing, Energy, Financial Services, Healthcare and Public Health, Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-043-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-043-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-043-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-043-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-043-03"
      }
    ],
    "title": "WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)",
    "tracking": {
      "current_release_date": "2019-05-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-043-03",
      "initial_release_date": "2019-02-12T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-02-12T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-043-03 Siemens Licensing Software for SICAM 230"
        },
        {
          "date": "2019-02-14T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-19-043-03 Siemens Licensing Software for SICAM 230 (Update A)"
        },
        {
          "date": "2019-03-12T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-19-043-03 WIBU-SYSTEMS AG WibuKey Digital Rights Management (Update B)"
        },
        {
          "date": "2019-04-09T00:00:00.000000Z",
          "legacy_version": "C",
          "number": "4",
          "summary": "ICSA-19-043-03 WIBU SYSTEMS AG WibuKey Digital Rights Management (Update C)"
        },
        {
          "date": "2019-05-14T00:00:00.000000Z",
          "legacy_version": "D",
          "number": "5",
          "summary": "ICSA-19-043-03 WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 7.20",
                "product": {
                  "name": "Siemens SICAM 230: All Versions 7.20 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SICAM 230"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c P007",
                "product": {
                  "name": "3.16: All versions prior to vP007",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SIMATIC WinCC OA 3.16"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "Siemens SISHIP EMCS IMAC IPMS: All versions",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SISHIP EMCS IMAC IPMS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
                "product": {
                  "name": "Sprecher Automation SPRECON-V460 products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Sprecher Automation SPRECON-V460 products"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 9.2",
                "product": {
                  "name": "COPA-DATA straton workbench: All Versions 9.2 and prior",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "COPA-DATA straton workbench"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.14.25 | 3.15.18",
                "product": {
                  "name": "Phoenix Contact MEVIEW3: All versions prior to 3.14.25 and 3.15.18",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Phoenix Contact MEVIEW3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c P025",
                "product": {
                  "name": "3.14: All versions prior to vP025",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SIMATIC WinCC OA 3.14"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c P018",
                "product": {
                  "name": "3.15: All versions prior to vP018",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SIMATIC WinCC OA 3.15"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
                "product": {
                  "name": "COPA-DATA zenon products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "COPA-DATA zenon products"
          }
        ],
        "category": "vendor",
        "name": "WIBU-SYSTEMS AG"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-3989",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted IRP (I/O request packet) can cause the driver to return uninitialized memory, which may result in kernel memory disclosure.CVE-2018-3989 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3989"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Updated Wibu Systems Software can be found at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "https://www.wibu.com/support/user/downloads-user-software.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.wibu.com/support/user/downloads-user-software.html"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
        },
        {
          "category": "vendor_fix",
          "details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.phoenixcontact.com/psirt",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.phoenixcontact.com/psirt"
        },
        {
          "category": "vendor_fix",
          "details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.phoenixcontact.com/psirt"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-3990",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted IRP (I/O request packet) can cause a buffer overflow resulting in kernel memory corruption, which may allow privilege escalation.CVE-2018-3990 has been assigned to this vulnerability. A CVSS v3 base score of 9.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3990"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Updated Wibu Systems Software can be found at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "https://www.wibu.com/support/user/downloads-user-software.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.wibu.com/support/user/downloads-user-software.html"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
        },
        {
          "category": "vendor_fix",
          "details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.phoenixcontact.com/psirt",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.phoenixcontact.com/psirt"
        },
        {
          "category": "vendor_fix",
          "details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.phoenixcontact.com/psirt"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-3991",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted TCP packet sent to Port 22347/TCP can cause a heap overflow, which may lead to remote code execution.CVE-2018-3991 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3991"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Updated Wibu Systems Software can be found at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "https://www.wibu.com/support/user/downloads-user-software.html",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.wibu.com/support/user/downloads-user-software.html"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
        },
        {
          "category": "vendor_fix",
          "details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
        },
        {
          "category": "vendor_fix",
          "details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
        },
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.phoenixcontact.com/psirt",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.phoenixcontact.com/psirt"
        },
        {
          "category": "vendor_fix",
          "details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://www.phoenixcontact.com/psirt"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    }
  ]
}

GHSA-WQFW-3H2H-7VWC

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-3991"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-05T23:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.",
  "id": "GHSA-wqfw-3h2h-7vwc",
  "modified": "2022-05-13T01:01:47Z",
  "published": "2022-05-13T01:01:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3991"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-3991

Vulnerability from fkie_nvd - Published: 2019-02-05 23:29 - Updated: 2024-11-21 04:06

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
talos-cna@cisco.com	http://www.securityfocus.com/bid/107005	Third Party Advisory, VDB Entry
talos-cna@cisco.com	https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf	Mitigation, Third Party Advisory
talos-cna@cisco.com	https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf	Third Party Advisory
talos-cna@cisco.com	https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107005	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf	Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
wibu	wibukey	6.40.2402.500
microsoft	windows	-
siemens	simatic_wincc_open_architecture	3.14
siemens	simatic_wincc_open_architecture	3.15
siemens	simatic_wincc_open_architecture	3.16

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*",
              "matchCriteriaId": "7478DD89-FE09-48FB-BCE0-D8AAC0033306",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "B761875D-6DFE-4FA1-8E2E-82C9E68592BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9830A70-1805-4FBB-9FB6-0E5649288F71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "001D349A-B990-4700-9B22-F0AB8E9901D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de desbordamiento de memoria din\u00e1mica (heap) explotable en la funci\u00f3n WkbProgramLow de WibuKey Network server management en su versi\u00f3n 6.40.2402.500. Un paquete TCP especialmente manipulado puede provocar un desbordamiento de memoria din\u00e1mica (heap), lo que podr\u00eda dar lugar a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar un paquete TCP mal formado para provocar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2018-3991",
  "lastModified": "2024-11-21T04:06:27.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-05T23:29:00.387",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107005"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
    },
    {
      "source": "talos-cna@cisco.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-3991 (GCVE-0-2018-3991)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature