Main Vulnerability Database Vulnerabilities #VU16508

#VU16508 Privilege escalation in Siemens products - CVE-2018-11461

Published: December 12, 2018

Vulnerability identifier: #VU16508

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11461

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SINUMERIK 808D
SINUMERIK 840D
SINUMERIK 828D

Software vendor:
Siemens

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper privileges and access controls. A local attacker can use the service command application and gain elevated privileges.

Remediation

Update SINUMERIK 828D to version 4.7 SP6 HF1.
Update SINUMERIK 840D to version 4.7 SP6 HF5 or 4.8 SP3.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf

#VU16508 Privilege escalation in Siemens products - CVE-2018-11461

Description

Remediation

External links

Please verify you're human