CVE-2019-8277
First published: Fri Mar 08 2019(Updated: )
UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
Credit: vulnerability@kaspersky.com vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| UltraVNC | <1.2.2.3 | |
| Siemens Sinumerik Access MyMachine/P2P | <4.8 | |
| Siemens Sinumerik PCU Base Win10 Software | <14.00 | |
| Siemens Sinumerik PCU Base Win7 Software/IPC | <=12.01 | |
| Siemens SINAMICS GH150 | ||
| Siemens SINAMICS GL150 Firmware | ||
| Siemens SINAMICS GM150 (with option X30) | ||
| Siemens SINAMICS SH150 firmware | ||
| Siemens SINAMICS SL150 | ||
| Siemens SINAMICS SM120 | ||
| Siemens SINAMICS SM150 Firmware | ||
| Siemens SINAMICS SM150i firmware | ||
| Siemens SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl. SIPLUS variants) Update 4 | <16 | 16 |
| Siemens SIMATIC HMI Comfort Panels | <16 | 16 |
| Siemens SIMATIC HMI Mobile Panels | <16 | 16 |
| Siemens SIMATIC WinCC Runtime Advanced | <16 | 16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-04 (Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-131-11 (Advisory)
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/ics-cert-advisory
- source/ICS
- vendor/uvnc
- canonical/ultravnc
- vendor/siemens
- canonical/siemens sinumerik access mymachine/p2p
- canonical/siemens sinumerik pcu base win10 software
- canonical/siemens sinumerik pcu base win7 software/ipc
- version/siemens sinumerik pcu base win7 software/ipc/12.01
- canonical/siemens sinamics gh150
- canonical/siemens sinamics gl150 firmware
- canonical/siemens sinamics gm150 (with option x30)
- canonical/siemens sinamics sh150 firmware
- canonical/siemens sinamics sl150
- canonical/siemens sinamics sm120
- canonical/siemens sinamics sm150 firmware
- canonical/siemens sinamics sm150i firmware
- canonical/siemens simatic hmi comfort outdoor panels 7’ and 15’ (incl. siplus variants) update 4
- canonical/siemens simatic hmi comfort panels
- canonical/siemens simatic hmi mobile panels
- canonical/siemens simatic wincc runtime advanced