SB2018121211 - Multiple vulnerabilities in Siemens SINUMERIK
Published: December 12, 2018
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2018-11457)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a heap-based buffer overflow when handling malicious input if Port 4842/TCP is manually opened in the firewall configuration of network Port X130. A remote unauthenticated attacker can send specially crafted network requests to Port 4842/TCP, trigger memory corruption and execute arbitrary code with privileged permissions.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Integer overflow (CVE-ID: CVE-2018-11458)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow when handling malicious input if Port 4842/TCP is manually opened in the firewall configuration of network Port X130. A remote unauthenticated attacker can send specially crafted network requests to Port 4842/TCP, trigger memory corruption and execute arbitrary code with privileged permissions.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Privilege escalation (CVE-ID: CVE-2018-11459)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a protection mechanism failure. A local attacker can modify a user-writable configuration file and execute arbitrary code with elevated privileges after a reboot or manual initiation.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Privilege escalation (CVE-ID: CVE-2018-11460)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a protection mechanism failure. A local attacker can modify a CRAMFS archive so that after a reboot the system loads the modified CRAMFS file, which can execute arbitrary code with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Privilege escalation (CVE-ID: CVE-2018-11461)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper privileges and access controls. A local attacker can use the service command application and gain elevated privileges.
6) Privilege escalation (CVE-ID: CVE-2018-11462)
The vulnerability allows a remote unauthenticated attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper privileges and access controls. A remote attacker can send a specially crafted authentication request and gain elevated privileges.
7) Stack-based buffer overflow (CVE-ID: CVE-2018-11463)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a stack-based buffer overflow in the service command application when handling malicious input. A local attacker can execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Uncaught exception (CVE-ID: CVE-2018-11464)
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.
The vulnerability exists due to an uncaught exception if Port 5900/TCP is manually opened in the firewall configuration of network Port X130. A remote unauthenticated attacker can cause a denial-of-service condition of the VNC server.
9) Uncaught exception (CVE-ID: CVE-2018-11465)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to an uncaught exception. A local attacker can use ioctl calls to perform out-of-bounds reads, arbitrary writes, or execute arbitrary code in kernel mode.
10) Uncaught exception (CVE-ID: CVE-2018-11466)
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition or execute arbitrary code on the target system.
The vulnerability exists due to an uncaught exception. A remote unauthenticated attacker can send specially crafted network packets to Port 102/TCP (ISO-TSAP) and cause a denial-of-service condition of the integrated software firewall or execute code in the context of the software firewall.
Remediation
Install the update from the vendor's website.