Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-11464

Опубликовано: 12 дек. 2018
Источник: nvd
CVSS3: 3.7
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*
Версия до 4.7 (включая)
cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*
Версия до 4.7 (включая)
cpe:2.3:h:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*
Версия до 4.8 (включая)
cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%
0.00435
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-248
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-6mj6-g5m3-f7hq

CVSS3: 3.7
github
больше 3 лет назад

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.

fstec логотип

BDU:2019-00178

CVSS3: 5.3
fstec
около 7 лет назад

Уязвимость программного обеспечения программируемого логического контроллера Siemens Sinumerik, связанная с ошибкой обработки сетевых пакетов VNC-сервером, позволяющая нарушителю вызвать отказ в обслуживании VNC-сервера

EPSS

Процентиль: 62%
0.00435
Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-248
NVD-CWE-noinfo