Remote Code Execution Flaw in SINUMERIK 828D, 840D sl
CVE-2018-11458

CVSS: 8.1 HIGH

Summary

A flaw in the integrated VNC server on port 5900/tcp in certain versions of SINUMERIK systems allows an unauthenticated attacker with network access to execute arbitrary code with elevated privileges. This vulnerability arises if port 5900/tcp is configured to be accessible through the firewall. Exploitation does not require user interaction and poses a risk to the confidentiality, integrity, and availability of the affected systems. As of now, there have been no reported instances of this vulnerability being actively exploited.

Affected Version(s)

  • SINUMERIK 828D V4.7: All versions < V4.7 SP6 HF1

  • SINUMERIK 840D sl V4.7: All versions < V4.7 SP6 HF5

  • SINUMERIK 840D sl V4.8: All versions < V4.8 SP3

CVSS V3.1

  • Score: 8.1
  • Severity: HIGH
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
