CVE-2018-3991 - OpenCVE

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Siemens	Simatic Wincc Open Architecture
Wibu	Wibukey

Configuration 1 [-]

AND

cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:::::::*
	cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:::::::*
	cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/107005
https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2019-02-05T22:00:00

Updated: 2024-08-05T04:57:24.691Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-3991

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-02-05T23:29:00.387

Modified: 2022-04-19T18:15:38.397

Link: CVE-2018-3991

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-01-28T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:07:39", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "107005", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107005"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2018-3991", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 10, "baseSeverity": null, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "107005", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107005"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"}, {"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:57:24.691Z"}, "title": "CVE Program Container", "references": [{"name": "107005", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107005"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2018-3991", "datePublished": "2019-02-05T22:00:00", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T04:57:24.691Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*", "matchCriteriaId": "7478DD89-FE09-48FB-BCE0-D8AAC0033306", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "B761875D-6DFE-4FA1-8E2E-82C9E68592BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*", "matchCriteriaId": "B9830A70-1805-4FBB-9FB6-0E5649288F71", "vulnerable": true}, {"criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*", "matchCriteriaId": "001D349A-B990-4700-9B22-F0AB8E9901D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de memoria din\u00e1mica (heap) explotable en la funci\u00f3n WkbProgramLow de WibuKey Network server management en su versi\u00f3n 6.40.2402.500. Un paquete TCP especialmente manipulado puede provocar un desbordamiento de memoria din\u00e1mica (heap), lo que podr\u00eda dar lugar a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar un paquete TCP mal formado para provocar esta vulnerabilidad."}], "id": "CVE-2018-3991", "lastModified": "2022-04-19T18:15:38.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2019-02-05T23:29:00.387", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107005"}, {"source": "talos-cna@cisco.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"}, {"source": "talos-cna@cisco.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}