Siemens SINUMERIK 828D/SINUMERIK 840D sl VNC Server access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.6 | $0-$5k | 0.04 |
A vulnerability classified as problematic was found in Siemens SINUMERIK 828D and SINUMERIK 840D sl (affected version unknown). Affected by this vulnerability is an unknown functionality of the component VNC Server. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect availability. The summary by CVE is:
A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to cause a Denial-of-Service condition of the VNC server. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.
The bug was discovered 12/12/2018. The weakness was released 12/12/2018 (Website). It is possible to read the advisory at cert-portal.siemens.com. This vulnerability is known as CVE-2018-11464 since 05/25/2018. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
Upgrading eliminates this vulnerability.Proper firewalling of tcp/5900 is able to address this issue. The best possible mitigation is suggested to be upgrading to the latest version.
Entries connected to this vulnerability are available at 127884, 127886, 127887 and 127888.
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.7VulDB Meta Temp Score: 3.6
VulDB Base Score: 3.7
VulDB Temp Score: 3.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 3.7
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Firewalling: 🔍
Timeline
05/25/2018 🔍12/11/2018 🔍
12/12/2018 🔍
12/12/2018 🔍
12/12/2018 🔍
12/13/2018 🔍
06/18/2023 🔍
Sources
Vendor: siemens.comAdvisory: ssa-170881
Status: Not defined
Confirmation: 🔍
CVE: CVE-2018-11464 (🔍)
SecurityFocus: 106185 - Siemens SINUMERIK Controllers Multiple Security Vulnerabilities
See also: 🔍
Entry
Created: 12/13/2018 08:53Updated: 06/18/2023 14:00
Changes: 12/13/2018 08:53 (59), 04/20/2020 14:33 (4), 06/18/2023 14:00 (3)
Complete: 🔍
Cache ID: 3:663:103
No comments yet. Languages: en.
Please log in to comment.