Risk | High |
Patch available | YES |
Number of vulnerabilities | 19 |
CVE-ID | CVE-2019-20840, CVE-2020-14405, CVE-2020-14404, CVE-2020-14403, CVE-2020-14402, CVE-2020-14401, CVE-2020-14398, CVE-2020-14397, CVE-2020-14396, CVE-2019-20839, CVE-2017-18922, CVE-2019-20788, CVE-2019-15690, CVE-2019-15681, CVE-2018-21247, CVE-2018-20750, CVE-2018-20749, CVE-2018-20748, CVE-2018-20019 |
CWE-ID | CWE-119, CWE-770, CWE-190, CWE-835, CWE-476, CWE-787, CWE-122, CWE-401 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | SIMATIC ITC1500, SIMATIC ITC1500 PRO, SIMATIC ITC1900, SIMATIC ITC1900 PRO, SIMATIC ITC2200, SIMATIC ITC2200 PRO (Hardware solutions / Office equipment, IP-phones, print servers) |
Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 19 vulnerabilities.
EUVDB-ID: #VU29372
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20840
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within hybiReadAndDecode() in libvncserver/ws_decode.c. A remote attacker can send a specially crafted request to the affected LibVNCServer installation and crash the service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29374
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14405
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in libvncclient/rfbproto.c because LibVNCServer does not limit TextChat size. A remote attacker who controls a malicious VNC server can send large amounts of data to the client application and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29375
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14404
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing encodings in libvncserver/rre.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29376
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14403
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing encodings in libvncserver/hextile.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29377
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14402
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing encodings in libvncserver/corre.c. A remote attacker can pass specially crafted data to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29378
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14401
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in libvncserver/scale.c when processing data passed via pixel_value. A remote attacker can pass specially crafted data to the application, trigger the integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29381
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14398
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in libvncclient/sockets.c when closing TCP connections. A remote attacker can consume all available system resources and cause denial of service conditions.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29382
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14397
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libvncserver/rfbregion.c. A remote attacker can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29383
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14396
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libvncclient/tls_openssl.c. A remote attacker can trick the victim into connecting to a malicious server and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29373
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20839
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long socket filename in libvncclient/sockets.c in LibVNCServer. A remote attacker can trick the victim into connecting to a server using a specially crafted configuration file, trigger a buffer overflow and execute arbitrary code on the target system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30157
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18922
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29385
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20788
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in libvncclient/cursor.c when processing large height or width values. A remote attacker can trick the victim into connecting to a malicious VNC server, trigger the integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU26343
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-15690
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22957
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-15681
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to a memory leak in VNC server code. A remote attacker can read stack memory and disclose sensitive information.
Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29384
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-21247
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a memory leak within the ConnectToRFBRepeater() function in libvncclient/rfbproto.c. A remote attacker can trick the victim into connecting to a malicious VNC server, trigger the memory leak and gain access to sensitive information on the client's system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU17750
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20750
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger an out-of-bounds write in rfbserver.c and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU17751
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20749
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger an out-of-bounds write in rfbserver.c and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU17749
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20748
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trigger an out-of-bounds write in VNC client code and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU17123
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20019
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a heap out-of-bounds write in VNC client code. A remote attacker can trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
SIMATIC ITC1500: before 3.2.1.0
SIMATIC ITC1500 PRO: before 3.2.1.0
SIMATIC ITC1900: before 3.2.1.0
SIMATIC ITC1900 PRO: before 3.2.1.0
SIMATIC ITC2200: before 3.2.1.0
SIMATIC ITC2200 PRO: before 3.2.1.0
External links
http://ics-cert.us-cert.gov/advisories/icsa-21-350-12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.