Lucene search

PRIOn knowledge basePRION:CVE-2019-8263

HistoryMar 05, 2019 - 3:29 p.m.

Stack overflow

2019-03-0515:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.

CPENameOperatorVersion
sinumerik_access_mymachine\\/p2plt4.8
sinumerik_pcu_base_win10_software\\/ipclt14.00
sinumerik_pcu_base_win7_software\\/ipcle12.01
ultravnclt1.2.2.3

Name	Operator	Version
sinumerik_access_mymachine\\/p2p	lt	4.8
sinumerik_pcu_base_win10_software\\/ipc	lt	14.00
sinumerik_pcu_base_win7_software\\/ipc	le	12.01
ultravnc	lt	1.2.2.3

References

cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf

cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf

cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf

ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/

ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/

us-cert.cisa.gov/ics/advisories/icsa-21-131-11

www.us-cert.gov/ics/advisories/icsa-20-161-06