What is CVE-2018-3991?

CVE-2018-3991 is an exploitable heap overflow vulnerability in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500.

How severe is CVE-2018-3991?

CVE-2018-3991 has a severity score of 9.8 (Critical).

How can CVE-2018-3991 be exploited?

CVE-2018-3991 can be exploited by sending a specially crafted TCP packet to trigger a heap overflow, potentially leading to remote code execution.

Which software versions are affected by CVE-2018-3991?

CVE-2018-3991 affects WibuKey Network server management version 6.40.2402.500.

Is Microsoft Windows affected by CVE-2018-3991?

No, Microsoft Windows is not affected by CVE-2018-3991.

Vulnerability/
CVE-2018-3991

critical

CWE

787

5/2/2019

5/8/2024

CVE-2018-3991

First published: Tue Feb 05 2019(Updated: )

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

Credit: talos-cna@cisco.com

Affected Software	Affected Version	How to fix
	=6.40.2402.500
Microsoft Windows
Siemens Simatic Wincc Open Architecture	=3.14
Siemens Simatic Wincc Open Architecture	=3.15
Siemens Simatic Wincc Open Architecture	=3.16

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-3991?
CVE-2018-3991 is an exploitable heap overflow vulnerability in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500.
How severe is CVE-2018-3991?
CVE-2018-3991 has a severity score of 9.8 (Critical).
How can CVE-2018-3991 be exploited?
CVE-2018-3991 can be exploited by sending a specially crafted TCP packet to trigger a heap overflow, potentially leading to remote code execution.
Which software versions are affected by CVE-2018-3991?
CVE-2018-3991 affects WibuKey Network server management version 6.40.2402.500.
Is Microsoft Windows affected by CVE-2018-3991?
No, Microsoft Windows is not affected by CVE-2018-3991.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/description
agent/type
agent/event
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/wibu
vendor/microsoft
canonical/microsoft windows
vendor/siemens
canonical/siemens simatic wincc open architecture
version/siemens simatic wincc open architecture/3.14
version/siemens simatic wincc open architecture/3.15
version/siemens simatic wincc open architecture/3.16

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.