CVE-2019-8259

Reference Links

• https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
• https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/
• https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
• https://www.us-cert.gov/ics/advisories/icsa-20-161-06
• https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-04 (Advisory)
• https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-11 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• ICSA-21-131-04
• ICSA-21-131-11

Frequently Asked Questions

• What is the severity of CVE-2019-8259?

  CVE-2019-8259 has a medium severity rating due to potential information disclosure risks associated with memory leaks.

• How do I fix CVE-2019-8259?

  To fix CVE-2019-8259, update affected software to the latest version provided by the vendor, ensuring it is patched for this vulnerability.

• Which software is affected by CVE-2019-8259?

  CVE-2019-8259 affects multiple versions of UltraVNC, as well as several Siemens products including the SINUMERIC series and Comfort Panels.

• What are the potential impacts of exploiting CVE-2019-8259?

  Exploiting CVE-2019-8259 could allow an attacker to read sensitive stack memory, leading to information disclosure and potential ASLR bypass.

• Is there a known workaround for CVE-2019-8259?

  Currently, the recommended approach for CVE-2019-8259 is to apply the latest software updates rather than relying on workarounds.