Main Vulnerability Database Vulnerabilities #VU16512

#VU16512 Uncaught exception in Siemens products - CVE-2018-11465

Published: December 12, 2018

Vulnerability identifier: #VU16512

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-11465

CWE-ID: CWE-248

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SINUMERIK 808D
SINUMERIK 840D
SINUMERIK 828D

Software vendor:
Siemens

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to uncaught exception. A local attacker can use ioctl calls to do out of bounds reads, arbitrary writes, or execute arbitrary code in kernel mode.

Remediation

Update SINUMERIK 828D to version 4.7 SP6 HF1.
Update SINUMERIK 840D to version 4.7 SP6 HF5 or 4.8 SP3.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf

#VU16512 Uncaught exception in Siemens products - CVE-2018-11465

Description

Remediation

External links

Please verify you're human