Vulnerabilites related to siemens - sinumerik_pcu_base_win7_software\/ipc
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1206, tiene m\u00faltiples vulnerabilidades de error por un paso en el c\u00f3digo del cliente VNC conectadas con el uso incorrecto de la funci\u00f3n ClientConnection::ReadString, lo cual puede resultar, potencialmente, en la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red. Se han solucionado estas vulnerabilidades en la revisi\u00f3n 1207."
}
],
"id": "CVE-2019-8268",
"lastModified": "2024-11-21T04:49:36.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.623",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
},
{
"lang": "es",
"value": "UltraVNX, en su revisi\u00f3n 1211, tiene una vulnerabilidad de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el c\u00f3digo del servidor VNC dentro de un manipulador de peticiones de trasferencia de archivos, lo que podr\u00eda resultar en, potencialmente, la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1212."
}
],
"id": "CVE-2019-8273",
"lastModified": "2024-11-21T04:49:37.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.827",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1211, tiene una vulnerabilidad de desbordamiento de b\u00fafer basado en pila en el c\u00f3digo del servidor VNC dentro del manipulador de peticiones de trasferencia de datos, lo que puede resultar en una denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante la conectividad de red. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1212."
}
],
"id": "CVE-2019-8276",
"lastModified": "2024-11-21T04:49:37.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.937",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-05 15:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1203, tiene m\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer de memoria din\u00e1mica (heap) en el c\u00f3digo del cliente VNC dentro del decodificador Ultra, lo que resulta en la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante conectividad de red. Esto se ha solucionado en la revisi\u00f3n 1204."
}
],
"id": "CVE-2019-8262",
"lastModified": "2024-11-21T04:49:36.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-05T15:29:00.477",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-05 15:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1198, contiene m\u00faltiples fugas de memoria (CWE-655) en el c\u00f3digo del cliente VNC, lo que permite que un atacante lea memoria de la pila y puede aprovecharse para divulgar informaci\u00f3n. Si se combina con otra vulnerabilidad, puede emplearse para filtrar memoria de la pila y omitir el ASLR. Este ataque parece ser explotable mediante la conectividad de red. Esto se ha solucionado en la revisi\u00f3n 1199."
}
],
"id": "CVE-2019-8259",
"lastModified": "2024-11-21T04:49:35.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-05T15:29:00.367",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
},
{
"lang": "es",
"value": "La revisi\u00f3n 1211 de UltraVNC contiene m\u00faltiples fugas de memoria en el c\u00f3digo del servidor VNC, un atacante podr\u00eda leer la pila de memoria pudiendo revelar informaci\u00f3n. Combinado con otra vulnerabilidad podr\u00eda realizar una fuga de informaci\u00f3n y saltarse el ASLR. Este ataque parece poder realizarse a trav\u00e9s de conexi\u00f3n de red. La vulnerabilidad ha sido solucionada en la revisi\u00f3n 1212."
}
],
"id": "CVE-2019-8277",
"lastModified": "2024-11-21T04:49:38.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.967",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1206, tiene un desbordamiento de b\u00fafer basado en pila en el c\u00f3digo del cliente VNC dentro del m\u00f3dulo \"FileTransfer\", lo cual conduce a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante la conectividad de red. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1207."
}
],
"id": "CVE-2019-8269",
"lastModified": "2024-11-21T04:49:37.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.657",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-05 15:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1198, tiene una vulnerabilidad de desbordamiento de b\u00fafer de memoria din\u00e1mica (heap) en el c\u00f3digo del cliente VNC, lo que resulta en la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red. Esto se ha solucionado en la revisi\u00f3n 1199."
}
],
"id": "CVE-2019-8258",
"lastModified": "2024-11-21T04:49:35.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-05T15:29:00.320",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-05 15:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1205, tiene un desbordamiento de b\u00fafer basado en pila en el c\u00f3digo del cliente VNC dentro de la rutina ShowConnInfo, lo cual conduce a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante la conectividad de red. Se requiere interacci\u00f3n del usuario para desencadenar esta vulnerabilidad. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1206."
}
],
"id": "CVE-2019-8263",
"lastModified": "2024-11-21T04:49:36.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-05T15:29:00.507",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1211, tiene una vulnerabilidad de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el c\u00f3digo del servidor VNC dentro de un manipulador de oferta de trasferencia de archivos, lo que podr\u00eda resultar en, potencialmente, la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1212."
}
],
"id": "CVE-2019-8274",
"lastModified": "2024-11-21T04:49:37.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.857",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1211, tiene una vulnerabilidad de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el c\u00f3digo VNC del servidor dentro de un manipulador de trasferencias de archivos, lo que, potencialmente, puede resultar en la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1212."
}
],
"id": "CVE-2019-8271",
"lastModified": "2024-11-21T04:49:37.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.717",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1211, tiene m\u00faltiples vulnerabilidades de terminaci\u00f3n nulo en el c\u00f3digo del servidor VNC, lo que podr\u00eda resultar en un acceso de datos fuera de l\u00edmites por parte de usuarios remotos. Este ataque parece ser explotable mediante la conectividad de red. Se han solucionado estas vulnerabilidades en la revisi\u00f3n 1212."
}
],
"id": "CVE-2019-8275",
"lastModified": "2024-11-21T04:49:37.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.890",
"references": [
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/"
},
{
"source": "vulnerability@kaspersky.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-170"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-08 23:29
Modified
2024-11-21 04:49
Severity ?
Summary
UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vulnerability@kaspersky.com | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| vulnerability@kaspersky.com | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/ | Third Party Advisory | |
| vulnerability@kaspersky.com | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.us-cert.gov/ics/advisories/icsa-20-161-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uvnc | ultravnc | * | |
| siemens | sinumerik_access_mymachine\/p2p | * | |
| siemens | sinumerik_pcu_base_win10_software\/ipc | * | |
| siemens | sinumerik_pcu_base_win7_software\/ipc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C",
"versionEndExcluding": "1.2.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9345335-DF62-4472-93CD-E2C85453F91E",
"versionEndExcluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7498412D-79FD-43FE-AD9B-5820FB5CF7D8",
"versionEndExcluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F603341-03C5-46CA-8A74-EC5A50135194",
"versionEndIncluding": "12.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
},
{
"lang": "es",
"value": "UltraVNC, en su revisi\u00f3n 1211, tiene una vulnerabilidad de error por un paso en el c\u00f3digo del servidor VNC, lo que podr\u00eda resultar, potencialmente, en la ejecuci\u00f3n de c\u00f3digo. Este ataque parece ser explotable mediante la conectividad de red. Se han solucionado estas vulnerabilidades en la revisi\u00f3n 1212."
}
],
"id": "CVE-2019-8272",
"lastModified": "2024-11-21T04:49:37.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-08T23:29:00.763",
"references": [
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/"
},
{
"source": "vulnerability@kaspersky.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"sourceIdentifier": "vulnerability@kaspersky.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "vulnerability@kaspersky.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-8271 (GCVE-0-2019-8271)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-16 23:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:53:56",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8271",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T23:26:16.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8274 (GCVE-0-2019-8274)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-16 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:55:11",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8274",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T19:35:36.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8268 (GCVE-0-2019-8268)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-193 - Off-by-one Error
Summary
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:52:16",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193: Off-by-one Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8268",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-17T01:16:16.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8269 (GCVE-0-2019-8269)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-17 00:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:52:57",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8269",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-17T00:30:43.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8263 (GCVE-0-2019-8263)
Vulnerability from cvelistv5
Published
2019-03-05 15:00
Modified
2024-09-16 23:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T11:53:57",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8263",
"datePublished": "2019-03-05T15:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T23:56:07.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8259 (GCVE-0-2019-8259)
Vulnerability from cvelistv5
Published
2019-03-05 15:00
Modified
2024-09-16 20:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-665 - Improper Initialization
Summary
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "UltraVNC",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665: Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T12:10:55",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "UltraVNC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665: Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8259",
"datePublished": "2019-03-05T15:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T20:59:11.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8276 (GCVE-0-2019-8276)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:55:54",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8276",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T18:33:31.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8277 (GCVE-0-2019-8277)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-08-04 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-665 - multiple memory leaks ()
Summary
UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: revision 1211 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "revision 1211"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "multiple memory leaks (CWE-665)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T12:26:17",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2019-8277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "revision 1211"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "multiple memory leaks (CWE-665)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/",
"refsource": "CONFIRM",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8277",
"datePublished": "2019-03-09T00:00:00",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-08-04T21:17:30.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8258 (GCVE-0-2019-8258)
Vulnerability from cvelistv5
Published
2019-03-05 15:00
Modified
2024-09-16 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "UltraVNC",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T21:33:11",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "UltraVNC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-004-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8258",
"datePublished": "2019-03-05T15:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T19:15:25.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8262 (GCVE-0-2019-8262)
Vulnerability from cvelistv5
Published
2019-03-05 15:00
Modified
2024-09-16 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "UltraVNC",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T11:52:18",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "UltraVNC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8262",
"datePublished": "2019-03-05T15:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T16:49:03.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8272 (GCVE-0-2019-8272)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-16 16:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-193 - Off-by-one Error
Summary
UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193: Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:54:20",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193: Off-by-one Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8272",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T16:43:07.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8273 (GCVE-0-2019-8273)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-16 23:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T20:54:47",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8273",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-16T23:16:03.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8275 (GCVE-0-2019-8275)
Vulnerability from cvelistv5
Published
2019-03-09 00:00
Modified
2024-09-17 03:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-170 - Improper Null Termination
Summary
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | UltraVNC |
Version: 1.2.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:30.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UltraVNC",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.2.3"
}
]
}
],
"datePublic": "2019-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T12:15:25",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2019-03-01T00:00:00",
"ID": "CVE-2019-8275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UltraVNC",
"version": {
"version_data": [
{
"version_value": "1.2.2.3"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170: Improper Null Termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2019-8275",
"datePublished": "2019-03-09T00:00:00Z",
"dateReserved": "2019-02-12T00:00:00",
"dateUpdated": "2024-09-17T03:12:37.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}