CVE-2018-11463

EPSS 0.1%
Veröffentlicht 12.12.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:43:25
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Sinumerik 808d V4.7 Firmware

Siemens ≫ Sinumerik 808d V4.7 Version-

Siemens ≫ Sinumerik 808d V4.8 Firmware

Siemens ≫ Sinumerik 808d V4.8 Version-

Siemens ≫ Sinumerik 828d V4.7 Firmware Version <= 4.7

Siemens ≫ Sinumerik 828d V4.7 Version-

Siemens ≫ Sinumerik 840d Sl V4.7 Firmware Version <= 4.7

Siemens ≫ Sinumerik 840d Sl V4.7

Siemens ≫ Sinumerik 840d Sl V4.8 Firmware Version <= 4.8

Siemens ≫ Sinumerik 840d Sl V4.8 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.245

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://www.securityfocus.com/bid/106185

Third Party Advisory

VDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-11463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11463

EUVD