Sign-up

ID

VAR-201902-0660


CVE

CVE-2018-3991


TITLE

WibuKey Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014512

DESCRIPTION

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. WibuKey Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable. Network server management is one of the network server managers

Trust: 2.07

sources: NVD: CVE-2018-3991 // JVNDB: JVNDB-2018-014512 // BID: 107005 // VULHUB: VHN-134022 // VULMON: CVE-2018-3991

AFFECTED PRODUCTS

vendor:wibumodel:wibukeyscope:eqversion:6.40.2402.500

Trust: 1.8

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.16

Trust: 1.0

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.15

Trust: 1.0

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.14

Trust: 1.0

vendor:siemensmodel:simatic wincc open architecturescope: - version: -

Trust: 0.8

vendor:wibumodel:ag wibukeyscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:sicamscope:eqversion:2307.20

Trust: 0.3

vendor:siemensmodel:sicamscope:eqversion:2300

Trust: 0.3

vendor:wibumodel:ag wibukeyscope:neversion:6.50

Trust: 0.3

sources: BID: 107005 // JVNDB: JVNDB-2018-014512 // NVD: CVE-2018-3991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3991
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3991
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-3991
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-866
value: CRITICAL

Trust: 0.6

VULHUB: VHN-134022
value: HIGH

Trust: 0.1

VULMON: CVE-2018-3991
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3991
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134022
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3991
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2018-3991
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-134022 // VULMON: CVE-2018-3991 // JVNDB: JVNDB-2018-014512 // CNNVD: CNNVD-201812-866 // NVD: CVE-2018-3991 // NVD: CVE-2018-3991

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-134022 // JVNDB: JVNDB-2018-014512 // NVD: CVE-2018-3991

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-866

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201812-866

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014512

PATCH
title:SSA-844562url:https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf
Trust: 0.8
title:SSA-760124:url:https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf
Trust: 0.8
title:WibuKeyurl:https://www.wibu.com/products/wibukey.html
Trust: 0.8
title:Wibu-Systems WibuKey server management Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88046
Trust: 0.6
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=94e0234dc40d4012c749057122b199d5
Trust: 0.1
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=65c9c9afcea0dc3f263138e8aeec5fa0
Trust: 0.1
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=cb657546b0a1dbe8012ab3dbcfb9d8a6
Trust: 0.1
title:Threatposturl:https://threatpost.com/siemens-critical-remote-code-execution/141768/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-3991 // 
            
            
            
            JVNDB: JVNDB-2018-014512 // 
            
            
            
            CNNVD: CNNVD-201812-866

EXTERNAL IDS
db:NVDid:CVE-2018-3991
Trust: 2.9
db:TALOSid:TALOS-2018-0659
Trust: 2.6
db:BIDid:107005
Trust: 2.1
db:SIEMENSid:SSA-760124
Trust: 1.8
db:SIEMENSid:SSA-844562
Trust: 1.8
db:SIEMENSid:SSA-902727
Trust: 1.8
db:ICS CERTid:ICSA-19-043-03
Trust: 1.8
db:JVNDBid:JVNDB-2018-014512
Trust: 0.8
db:CNNVDid:CNNVD-201812-866
Trust: 0.7
db:AUSCERTid:ESB-2019.0445.2
Trust: 0.6
db:VULHUBid:VHN-134022
Trust: 0.1
db:VULMONid:CVE-2018-3991
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134022 // 
            
            
            
            VULMON: CVE-2018-3991 // 
            
            
            
            BID: 107005 // 
            
            
            
            JVNDB: JVNDB-2018-014512 // 
            
            
            
            CNNVD: CNNVD-201812-866 // 
            
            
            
            NVD: CVE-2018-3991

REFERENCES
url:http://www.securityfocus.com/bid/107005
Trust: 3.1
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0659
Trust: 2.6
url:https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf
Trust: 1.8
url:https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf
Trust: 1.8
url:https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
Trust: 1.8
url:https://ics-cert.us-cert.gov/advisories/icsa-19-043-03
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-3991
Trust: 1.4
url:http://www.siemens.com/
Trust: 0.9
url:https://www.wibu.com/products.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3991
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0
Trust: 0.7
url:https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614
Trust: 0.6
url:https://www.auscert.org.au/bulletins/75498
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/siemens-critical-remote-code-execution/141768/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134022 // 
            
            
            
            VULMON: CVE-2018-3991 // 
            
            
            
            BID: 107005 // 
            
            
            
            JVNDB: JVNDB-2018-014512 // 
            
            
            
            CNNVD: CNNVD-201812-866 // 
            
            
            
            NVD: CVE-2018-3991

CREDITS
The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.,Siemens and BSI Germany reported these vulnerabilities to NCCIC.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201812-866

SOURCES
db:VULHUBid:VHN-134022
db:VULMONid:CVE-2018-3991
db:BIDid:107005
db:JVNDBid:JVNDB-2018-014512
db:CNNVDid:CNNVD-201812-866
db:NVDid:CVE-2018-3991

LAST UPDATE DATE
2024-11-23T21:37:38.714000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134022date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-3991date:2022-04-19T00:00:00
db:BIDid:107005date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2018-014512date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201812-866date:2020-08-25T00:00:00
db:NVDid:CVE-2018-3991date:2024-11-21T04:06:27.043

SOURCES RELEASE DATE
db:VULHUBid:VHN-134022date:2019-02-05T00:00:00
db:VULMONid:CVE-2018-3991date:2019-02-05T00:00:00
db:BIDid:107005date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2018-014512date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201812-866date:2018-12-21T00:00:00
db:NVDid:CVE-2018-3991date:2019-02-05T23:29:00.387