CVE-2018-3991

{"id": "CVE-2018-3991", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2019-02-05T23:29:00.387", "references": [{"url": "http://www.securityfocus.com/bid/107005", "tags": ["Third Party Advisory", "VDB Entry"], "source": "talos-cna@cisco.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf", "tags": ["Mitigation", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf", "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de memoria din\u00e1mica (heap) explotable en la funci\u00f3n WkbProgramLow de WibuKey Network server management en su versi\u00f3n 6.40.2402.500. Un paquete TCP especialmente manipulado puede provocar un desbordamiento de memoria din\u00e1mica (heap), lo que podr\u00eda dar lugar a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar un paquete TCP mal formado para provocar esta vulnerabilidad."}], "lastModified": "2022-04-19T18:15:38.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wibu:wibukey:6.40.2402.500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7478DD89-FE09-48FB-BCE0-D8AAC0033306"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B761875D-6DFE-4FA1-8E2E-82C9E68592BE"}, {"criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9830A70-1805-4FBB-9FB6-0E5649288F71"}, {"criteria": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:3.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "001D349A-B990-4700-9B22-F0AB8E9901D2"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}