CVE-2018-11459
Description
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could modify a user-writeable configuration file so that after reboot or manual initiation the system reloads the modified configuration file and attacker-controlled code is executed with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Affected products
4- Range: V4.7 All versions, V4.8 All versions
- Range: V4.7 All versions < V4.7 SP6 HF1
- Range: V4.7 All versions < V4.7 SP6 HF5, V4.8 All versions < V4.8 SP3
- Siemens AG/SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8v5Range: SINUMERIK 808D V4.7 : All versions
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/106185mitrevdb-entryx_refsource_BID
- cert-portal.siemens.com/productcert/pdf/ssa-170881.pdfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.