CVE-2019-8262: Buffer Overflow
First published: Tue Mar 05 2019(Updated: )
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.
Credit: vulnerability@kaspersky.com vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| UltraVNC | <1.2.2.3 | |
| Siemens Sinumerik Access MyMachine/P2P | <4.8 | |
| Siemens Sinumerik PCU Base Win10 Software | <14.00 | |
| Siemens Sinumerik PCU Base Win7 Software/IPC | <=12.01 | |
| Siemens SINAMICS GH150 | ||
| Siemens SINAMICS GL150 Firmware | ||
| Siemens SINAMICS GM150 (with option X30) | ||
| Siemens SINAMICS SH150 firmware | ||
| Siemens SINAMICS SL150 | ||
| Siemens SINAMICS SM120 | ||
| Siemens SINAMICS SM150 Firmware | ||
| Siemens SINAMICS SM150i firmware | ||
| Siemens SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl. SIPLUS variants) Update 4 | <16 | 16 |
| Siemens SIMATIC HMI Comfort Panels | <16 | 16 |
| Siemens SIMATIC HMI Mobile Panels | <16 | 16 |
| Siemens SIMATIC WinCC Runtime Advanced | <16 | 16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-04 (Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-11 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2019-8262?
CVE-2019-8262 has a high severity rating due to its potential to allow code execution through heap buffer overflow vulnerabilities.
How do I fix CVE-2019-8262?
To fix CVE-2019-8262, update to UltraVNC revision 1204 or apply patches provided by Siemens for affected products.
Which versions are affected by CVE-2019-8262?
CVE-2019-8262 affects UltraVNC revision 1203 and specific versions of Siemens SIMATIC and SINAMICS products.
Can CVE-2019-8262 be exploited remotely?
Yes, CVE-2019-8262 is exploitable via network connectivity, making it a significant risk.
What type of vulnerabilities does CVE-2019-8262 involve?
CVE-2019-8262 involves multiple heap buffer overflow vulnerabilities in the VNC client code.
- agent/type
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/ics-cert-advisory
- source/ICS
- vendor/uvnc
- canonical/ultravnc
- vendor/siemens
- canonical/siemens sinumerik access mymachine/p2p
- canonical/siemens sinumerik pcu base win10 software
- canonical/siemens sinumerik pcu base win7 software/ipc
- version/siemens sinumerik pcu base win7 software/ipc/12.01
- canonical/siemens sinamics gh150
- canonical/siemens sinamics gl150 firmware
- canonical/siemens sinamics gm150 (with option x30)
- canonical/siemens sinamics sh150 firmware
- canonical/siemens sinamics sl150
- canonical/siemens sinamics sm120
- canonical/siemens sinamics sm150 firmware
- canonical/siemens sinamics sm150i firmware
- canonical/siemens simatic hmi comfort outdoor panels 7’ and 15’ (incl. siplus variants) update 4
- canonical/siemens simatic hmi comfort panels
- canonical/siemens simatic hmi mobile panels
- canonical/siemens simatic wincc runtime advanced