CVE-2019-8275
First published: Fri Mar 01 2019(Updated: )
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Uvnc Ultravnc | <1.2.2.3 | |
| Siemens Sinumerik Access Mymachine\/p2p | <4.8 | |
| Siemens Sinumerik Pcu Base Win10 Software\/ipc | <14.00 | |
| Siemens Sinumerik Pcu Base Win7 Software\/ipc | <=12.01 | |
| Siemens Sinamics Gh150 | ||
| Siemens Sinamics Sh150 | ||
| Siemens Sinamics Sl150 | ||
| Siemens Sinamics Sm120 | ||
| Siemens Sinamics Sm150 | ||
| Siemens SINAMICS SM150i | ||
| Siemens SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl. SIPLUS variants) Update 4 | <16 | 16 |
| Siemens SIMATIC HMI Comfort Panels 4’to 22’ (incl. SIPLUS variants) Update 4 | <16 | 16 |
| Siemens SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900, and KTP900F Update 4 | <16 | 16 |
| Siemens SIMATIC WinCC Runtime Advanced Update 4 | <16 | 16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-04 (Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-11 (Advisory)
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/uvnc
- canonical/uvnc ultravnc
- vendor/siemens
- canonical/siemens sinumerik access mymachine\/p2p
- canonical/siemens sinumerik pcu base win10 software\/ipc
- canonical/siemens sinumerik pcu base win7 software\/ipc
- version/siemens sinumerik pcu base win7 software\/ipc/12.01
- canonical/siemens sinamics gh150
- canonical/siemens sinamics sh150
- canonical/siemens sinamics sl150
- canonical/siemens sinamics sm120
- canonical/siemens sinamics sm150
- canonical/siemens sinamics sm150i
- canonical/siemens simatic hmi comfort outdoor panels 7’ and 15’ (incl. siplus variants) update 4
- canonical/siemens simatic hmi comfort panels 4’to 22’ (incl. siplus variants) update 4
- canonical/siemens simatic hmi ktp mobile panels ktp400f, ktp700, ktp700f, ktp900, and ktp900f update 4
- canonical/siemens simatic wincc runtime advanced update 4