ID

VAR-201902-0658


CVE

CVE-2018-3989


TITLE

WIBU-SYSTEMS WibuKey.sys vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-014594

DESCRIPTION

An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys contains an information disclosure vulnerability. Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information or to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable.

Trust: 1.98

sources: NVD: CVE-2018-3989 // JVNDB: JVNDB-2018-014594 // BID: 107005 // VULMON: CVE-2018-3989

AFFECTED PRODUCTS

vendor:wibu model:wibukey scope:eq version:6.40

Trust: 1.0

vendor:wibu model:wibukey scope:eq version:6.40 (build 2400)

Trust: 0.8

vendor:wibu model:ag wibukey scope:eq version:0

Trust: 0.3

vendor:siemens model:sicam scope:eq version:2307.20

Trust: 0.3

vendor:siemens model:sicam scope:eq version:2300

Trust: 0.3

vendor:wibu model:ag wibukey scope:ne version:6.50

Trust: 0.3

sources: BID: 107005 // JVNDB: JVNDB-2018-014594 // NVD: CVE-2018-3989

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3989
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3989
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3989
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-864
value: MEDIUM

Trust: 0.6

VULMON: CVE-2018-3989
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3989
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2018-3989
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2018-3989
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULMON: CVE-2018-3989 // JVNDB: JVNDB-2018-014594 // CNNVD: CNNVD-201812-864 // NVD: CVE-2018-3989 // NVD: CVE-2018-3989

PROBLEMTYPE DATA

problemtype:CWE-908

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2018-014594 // NVD: CVE-2018-3989

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-864

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-864

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014594

PATCH

title:WibuKey url:https://www.wibu.com/products/wibukey.html

Trust: 0.8

title:Wibu-Systems WibuKey Security vulnerabilities url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88048

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisory url:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=94e0234dc40d4012c749057122b199d5

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisory url:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=65c9c9afcea0dc3f263138e8aeec5fa0

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisory url:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=cb657546b0a1dbe8012ab3dbcfb9d8a6

Trust: 0.1

sources: VULMON: CVE-2018-3989 // JVNDB: JVNDB-2018-014594 // CNNVD: CNNVD-201812-864

EXTERNAL IDS

db:NVD id:CVE-2018-3989

Trust: 2.8

db:TALOS id:TALOS-2018-0657

Trust: 2.5

db:BID id:107005

Trust: 2.0

db:ICS CERT id:ICSA-19-043-03

Trust: 1.8

db:SIEMENS id:SSA-844562

Trust: 1.7

db:SIEMENS id:SSA-902727

Trust: 1.7

db:SIEMENS id:SSA-760124

Trust: 1.7

db:JVNDB id:JVNDB-2018-014594

Trust: 0.8

db:AUSCERT id:ESB-2019.0445.2

Trust: 0.6

db:CNNVD id:CNNVD-201812-864

Trust: 0.6

db:VULMON id:CVE-2018-3989

Trust: 0.1

sources: VULMON: CVE-2018-3989 // BID: 107005 // JVNDB: JVNDB-2018-014594 // CNNVD: CNNVD-201812-864 // NVD: CVE-2018-3989

REFERENCES

url:http://www.securityfocus.com/bid/107005

Trust: 3.0

url:https://talosintelligence.com/vulnerability_reports/talos-2018-0657

Trust: 2.5

url:https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-19-043-03

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-3989

Trust: 1.4

url:http://www.siemens.com/

Trust: 0.9

url:https://www.wibu.com/products.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3989

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0

Trust: 0.7

url:https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75498

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/908.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2018-3989 // BID: 107005 // JVNDB: JVNDB-2018-014594 // CNNVD: CNNVD-201812-864 // NVD: CVE-2018-3989

CREDITS

The vendor reported this issue. Siemens reported these vulnerabilities to NCCIC. Siemens and BSI Germany reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201812-864

SOURCES

db:VULMON id:CVE-2018-3989
db:BID id:107005
db:JVNDB id:JVNDB-2018-014594
db:CNNVD id:CNNVD-201812-864
db:NVD id:CVE-2018-3989

LAST UPDATE DATE

2024-11-23T21:37:38.682000+00:00


SOURCES UPDATE DATE

db:VULMON id:CVE-2018-3989 date:2022-04-19T00:00:00
db:BID id:107005 date:2019-02-12T00:00:00
db:JVNDB id:JVNDB-2018-014594 date:2019-03-29T00:00:00
db:CNNVD id:CNNVD-201812-864 date:2020-08-25T00:00:00
db:NVD id:CVE-2018-3989 date:2024-11-21T04:06:26.763

SOURCES RELEASE DATE

db:VULMON id:CVE-2018-3989 date:2019-02-05T00:00:00
db:BID id:107005 date:2019-02-12T00:00:00
db:JVNDB id:JVNDB-2018-014594 date:2019-03-29T00:00:00
db:CNNVD id:CNNVD-201812-864 date:2018-12-21T00:00:00
db:NVD id:CVE-2018-3989 date:2019-02-05T23:29:00.310