Remote Code Execution Flaw in SINUMERIK 828D, 840D sl
CVE-2018-11458

8.1HIGH

Key Information:

Vendor

Siemens
Status
Sinumerik 828d V4.7, Sinumerik 840d Sl V4.7, Sinumerik 840d Sl V4.8
Vendor
CVE Published:
12 December 2018

What is CVE-2018-11458?

A flaw in the integrated VNC server on port 5900/tcp in certain versions of SINUMERIK systems allows an unauthenticated attacker with network access to execute arbitrary code with elevated privileges. This vulnerability arises if port 5900/tcp is configured to be accessible through the firewall. Exploitation does not require user interaction and poses a risk to the confidentiality, integrity, and availability of the affected systems. As of now, there have been no reported instances of this vulnerability being actively exploited.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1 < SINUMERIK 828D V4.7 : All versions V4.7 SP6 HF1

SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5 < SINUMERIK 840D sl V4.7 : All versions V4.7 SP6 HF5

SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3 < SINUMERIK 840D sl V4.8 : All versions V4.8 SP3

References

http://www.securityfocus.com/bid/106185
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-17088...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.