{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"name": "102906", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102906"}, {"tags": ["x_refsource_MISC"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"}, {"name": "102739", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102739"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11498", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"name": "102906", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102906"}, {"name": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx", "refsource": "MISC", "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"name": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"}, {"name": "102739", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102739"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:40.161Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"name": "102906", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102906"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"}, {"name": "102739", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102739"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11498", "datePublished": "2017-10-02T21:00:00", "dateReserved": "2017-07-20T00:00:00", "dateUpdated": "2024-08-05T18:12:40.161Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "A0D085F4-A4D5-406F-9C71-60E38674D4A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "613D88BA-F9E7-4F5C-849D-36D5C0934617", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A692A81-F3B0-4894-A04D-948D488AD2CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "22489E71-8667-40F0-BC80-35278EF7DC08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en hasplms en Gemalto ACC (Admin Control Center) en todas sus versiones desde HASP SRM 2.10 hasta Sentinel LDK 7.50 permite que los atacantes remotos detengan el proceso remoto (denegaci\u00f3n de servicio) mediante un paquete de lenguaje (archivo ZIP) con archivos HTML no v\u00e1lidos."}], "id": "CVE-2017-11498", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-03T01:29:01.153", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/102739"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/102906"}, {"source": "cve@mitre.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"}, {"source": "cve@mitre.org", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}, {"source": "cve@mitre.org", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102739"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}