Privilege Escalation Vulnerability in SINUMERIK Products by Siemens
CVE-2018-11461

6.6MEDIUM

Key Information:

Vendor

Siemens
Status
Sinumerik 808d V4.7, Sinumerik 808d V4.8, Sinumerik 828d V4.7, Sinumerik 840d Sl V4.7, Sinumerik 840d Sl V4.8
Vendor
CVE Published:
12 December 2018

What is CVE-2018-11461?

A vulnerability exists in various versions of SINUMERIK products that allows a local attacker with user privileges to escalate their access to an elevated user level without rooting the system. This can compromise the system's confidentiality, integrity, and availability. Exploitation of this vulnerability does not require user interaction and can be conducted through the service command application, thereby posing a significant risk to systems utilizing affected SINUMERIK versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 808D V4.7 : All versions

SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 808D V4.8 : All versions

SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8 SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1 < SINUMERIK 828D V4.7 : All versions V4.7 SP6 HF1

References

http://www.securityfocus.com/bid/106185
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-17088...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.