Privilege Escalation Vulnerability in SINUMERIK Products by Siemens
CVE-2018-11461

6.6MEDIUM

Key Information:

Vendor: Siemens
Status: Sinumerik 808d V4.7, Sinumerik 808d V4.8, Sinumerik 828d V4.7, Sinumerik 840d Sl V4.7, Sinumerik 840d Sl V4.8
Vendor: CVE Published:; 12 December 2018

Summary

A vulnerability exists in various versions of SINUMERIK products that allows a local attacker with user privileges to escalate their access to an elevated user level without rooting the system. This can compromise the system's confidentiality, integrity, and availability. Exploitation of this vulnerability does not require user interaction and can be conducted through the service command application, thereby posing a significant risk to systems utilizing affected SINUMERIK versions.

Affected Version(s)

SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 808D V4.7 : All versions

SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 808D V4.8 : All versions

SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1 < SINUMERIK 828D V4.7 : All versions V4.7 SP6 HF1

References

http://www.securityfocus.com/bid/106185

vdb-entryx_refsource_BID

https://cert-portal.siemens.com/productcert/pdf/ssa-17088...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2018
Vulnerability Reserved
May 25, 2018