Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-3989 (GCVE-0-2018-3989)
Vulnerability from cvelistv5 – Published: 2019-02-05 22:00 – Updated: 2024-08-05 04:57
VLAI
EPSS
Summary
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Severity
4.3 (Medium)
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107005 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
Date Public
2018-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:07:37.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3989",
"datePublished": "2019-02-05T22:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:57:24.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-3989",
"date": "2026-06-01",
"epss": "0.00138",
"percentile": "0.33467"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DAB4985-4CF4-42FF-B85C-362E56310075\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de exposici\\u00f3n de memoria del kernel explotable en la funcionalidad del gestor IOCTL 0x8200E804 de WibuKey.sys de WIBI-SYSTEMS, en su versi\\u00f3n 6.40 (en el build 2400). Una petici\\u00f3n IRP especialmente manipulada puede causar que el controlador devuelva memoria no inicializada, conduciendo a una exposici\\u00f3n de la memoria del kernel. Un atacante puede enviar una petici\\u00f3n IRP para provocar esta vulnerabilidad.\"}]",
"id": "CVE-2018-3989",
"lastModified": "2024-11-21T04:06:26.763",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-02-05T23:29:00.310",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/107005\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-3989\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2019-02-05T23:29:00.310\",\"lastModified\":\"2024-11-21T04:06:26.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de exposici\u00f3n de memoria del kernel explotable en la funcionalidad del gestor IOCTL 0x8200E804 de WibuKey.sys de WIBI-SYSTEMS, en su versi\u00f3n 6.40 (en el build 2400). Una petici\u00f3n IRP especialmente manipulada puede causar que el controlador devuelva memoria no inicializada, conduciendo a una exposici\u00f3n de la memoria del kernel. Un atacante puede enviar una petici\u00f3n IRP para provocar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DAB4985-4CF4-42FF-B85C-362E56310075\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107005\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
GSD-2018-3989
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-3989",
"description": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
"id": "GSD-2018-3989"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-3989"
],
"details": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
"id": "GSD-2018-3989",
"modified": "2023-12-13T01:22:43.129499Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3989"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "107005",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-19T18:15Z",
"publishedDate": "2019-02-05T23:29Z"
}
}
}
ICSA-19-043-03
Vulnerability from csaf_cisa - Published: 2019-02-12 00:00 - Updated: 2019-05-14 00:00Summary
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.
Critical infrastructure sectors: Commercial Facilities, Communications, Critical Manufacturing, Energy, Financial Services, Healthcare and Public Health, Transportation Systems
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices: NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Recommended Practices: NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:
4.3 (Medium)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siemens SICAM 230: All Versions 7.20 and prior
WIBU-SYSTEMS AG / Siemens SICAM 230
|
<= 7.20 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.16: All versions prior to vP007
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.16
|
< P007 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Siemens SISHIP EMCS IMAC IPMS: All versions
WIBU-SYSTEMS AG / Siemens SISHIP EMCS IMAC IPMS
|
vers:all/* |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Sprecher Automation SPRECON-V460 products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)
WIBU-SYSTEMS AG / Sprecher Automation SPRECON-V460 products
|
<= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually) |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
COPA-DATA straton workbench: All Versions 9.2 and prior
WIBU-SYSTEMS AG / COPA-DATA straton workbench
|
<= 9.2 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Phoenix Contact MEVIEW3: All versions prior to 3.14.25 and 3.15.18
WIBU-SYSTEMS AG / Phoenix Contact MEVIEW3
|
<= 3.14.25 | 3.15.18 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.14: All versions prior to vP025
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.14
|
< P025 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.15: All versions prior to vP018
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.15
|
< P018 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
COPA-DATA zenon products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)
WIBU-SYSTEMS AG / COPA-DATA zenon products
|
<= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually) |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
9.3 (Critical)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siemens SICAM 230: All Versions 7.20 and prior
WIBU-SYSTEMS AG / Siemens SICAM 230
|
<= 7.20 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.16: All versions prior to vP007
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.16
|
< P007 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Siemens SISHIP EMCS IMAC IPMS: All versions
WIBU-SYSTEMS AG / Siemens SISHIP EMCS IMAC IPMS
|
vers:all/* |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Sprecher Automation SPRECON-V460 products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)
WIBU-SYSTEMS AG / Sprecher Automation SPRECON-V460 products
|
<= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually) |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
COPA-DATA straton workbench: All Versions 9.2 and prior
WIBU-SYSTEMS AG / COPA-DATA straton workbench
|
<= 9.2 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Phoenix Contact MEVIEW3: All versions prior to 3.14.25 and 3.15.18
WIBU-SYSTEMS AG / Phoenix Contact MEVIEW3
|
<= 3.14.25 | 3.15.18 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.14: All versions prior to vP025
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.14
|
< P025 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.15: All versions prior to vP018
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.15
|
< P018 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
COPA-DATA zenon products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)
WIBU-SYSTEMS AG / COPA-DATA zenon products
|
<= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually) |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
10.0 (Critical)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siemens SICAM 230: All Versions 7.20 and prior
WIBU-SYSTEMS AG / Siemens SICAM 230
|
<= 7.20 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.16: All versions prior to vP007
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.16
|
< P007 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Siemens SISHIP EMCS IMAC IPMS: All versions
WIBU-SYSTEMS AG / Siemens SISHIP EMCS IMAC IPMS
|
vers:all/* |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Sprecher Automation SPRECON-V460 products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)
WIBU-SYSTEMS AG / Sprecher Automation SPRECON-V460 products
|
<= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually) |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
COPA-DATA straton workbench: All Versions 9.2 and prior
WIBU-SYSTEMS AG / COPA-DATA straton workbench
|
<= 9.2 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
Phoenix Contact MEVIEW3: All versions prior to 3.14.25 and 3.15.18
WIBU-SYSTEMS AG / Phoenix Contact MEVIEW3
|
<= 3.14.25 | 3.15.18 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.14: All versions prior to vP025
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.14
|
< P025 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
3.15: All versions prior to vP018
WIBU-SYSTEMS AG / Siemens SIMATIC WinCC OA 3.15
|
< P018 |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
|
|
COPA-DATA zenon products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)
WIBU-SYSTEMS AG / COPA-DATA zenon products
|
<= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually) |
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
|
References
12 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities may allow information disclosure, privilege escalation, or remote code execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities, Communications, Critical Manufacturing, Energy, Financial Services, Healthcare and Public Health, Transportation Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-043-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-043-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-043-03 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-043-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-043-03"
}
],
"title": "WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)",
"tracking": {
"current_release_date": "2019-05-14T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-043-03",
"initial_release_date": "2019-02-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-02-12T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-043-03 Siemens Licensing Software for SICAM 230"
},
{
"date": "2019-02-14T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-19-043-03 Siemens Licensing Software for SICAM 230 (Update A)"
},
{
"date": "2019-03-12T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-19-043-03 WIBU-SYSTEMS AG WibuKey Digital Rights Management (Update B)"
},
{
"date": "2019-04-09T00:00:00.000000Z",
"legacy_version": "C",
"number": "4",
"summary": "ICSA-19-043-03 WIBU SYSTEMS AG WibuKey Digital Rights Management (Update C)"
},
{
"date": "2019-05-14T00:00:00.000000Z",
"legacy_version": "D",
"number": "5",
"summary": "ICSA-19-043-03 WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 7.20",
"product": {
"name": "Siemens SICAM 230: All Versions 7.20 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Siemens SICAM 230"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c P007",
"product": {
"name": "3.16: All versions prior to vP007",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Siemens SIMATIC WinCC OA 3.16"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Siemens SISHIP EMCS IMAC IPMS: All versions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Siemens SISHIP EMCS IMAC IPMS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product": {
"name": "Sprecher Automation SPRECON-V460 products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Sprecher Automation SPRECON-V460 products"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 9.2",
"product": {
"name": "COPA-DATA straton workbench: All Versions 9.2 and prior",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "COPA-DATA straton workbench"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 3.14.25 | 3.15.18",
"product": {
"name": "Phoenix Contact MEVIEW3: All versions prior to 3.14.25 and 3.15.18",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Phoenix Contact MEVIEW3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c P025",
"product": {
"name": "3.14: All versions prior to vP025",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Siemens SIMATIC WinCC OA 3.14"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c P018",
"product": {
"name": "3.15: All versions prior to vP018",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Siemens SIMATIC WinCC OA 3.15"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 7.20 (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product": {
"name": "COPA-DATA zenon products: All Versions 7.20 and prior (7.50 and 7.60 may also be affected if WibuKey was installed manually)",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "COPA-DATA zenon products"
}
],
"category": "vendor",
"name": "WIBU-SYSTEMS AG"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3989",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "A specially crafted IRP (I/O request packet) can cause the driver to return uninitialized memory, which may result in kernel memory disclosure.CVE-2018-3989 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3989"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Updated Wibu Systems Software can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "https://www.wibu.com/support/user/downloads-user-software.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.wibu.com/support/user/downloads-user-software.html"
},
{
"category": "vendor_fix",
"details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"category": "vendor_fix",
"details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
},
{
"category": "vendor_fix",
"details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
},
{
"category": "vendor_fix",
"details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.phoenixcontact.com/psirt",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
},
{
"category": "vendor_fix",
"details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2018-3990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A specially crafted IRP (I/O request packet) can cause a buffer overflow resulting in kernel memory corruption, which may allow privilege escalation.CVE-2018-3990 has been assigned to this vulnerability. A CVSS v3 base score of 9.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3990"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Updated Wibu Systems Software can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "https://www.wibu.com/support/user/downloads-user-software.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.wibu.com/support/user/downloads-user-software.html"
},
{
"category": "vendor_fix",
"details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"category": "vendor_fix",
"details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
},
{
"category": "vendor_fix",
"details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
},
{
"category": "vendor_fix",
"details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.phoenixcontact.com/psirt",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
},
{
"category": "vendor_fix",
"details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
},
{
"cve": "CVE-2018-3991",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A specially crafted TCP packet sent to Port 22347/TCP can cause a heap overflow, which may lead to remote code execution.CVE-2018-3991 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3991"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Updated Wibu Systems Software can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "https://www.wibu.com/support/user/downloads-user-software.html",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.wibu.com/support/user/downloads-user-software.html"
},
{
"category": "vendor_fix",
"details": "Siemens has an updated software version for the affected SISHIP products that resolves the vulnerabilities. Users are advised to contact Siemens customer support for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "Siemens has released the following updates for WinCC OA that address the WibuKey vulnerabilities (login required):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.winccoa.com/downloads/category/patches-316-1.html"
},
{
"category": "vendor_fix",
"details": "WinCC OA users can also apply the following general mitigations below to resolve the vulnerabilities.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Siemens recommends users upgrade to WibuKey DRM Version 6.50 or newer for all affected Siemens products. Siemens also recommends mitigating CVE-2018-3991 by blocking Port 22347/TCP. For detailed information, see Siemens security advisories SSA-760124, SSA-844562, and SSA-902727 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"category": "vendor_fix",
"details": "COPA-DATA recommends users upgrade WibuKey DRM to Version 6.50a or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see COPA_DATA \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.copadata.com/fileadmin/user_upload/faq/files/CD_SVA_2019_1.pdf"
},
{
"category": "vendor_fix",
"details": "Sprecher Automation recommends users upgrade WibuKey DRM to Version 6.50b or newer, restrict physical and network access, segment network traffic, ensure systems using WibuKey WkLAN Server are not external facing, and apply application whitelisting. For detailed information, see Sprecher Automation \u0027s security advisory at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.sprecher-automation.com/fileadmin/kundendaten/teaser/News/2018/SPRECON-V460_Security_Vulnerability_Announcement_2019-01_Issue_1.pdf"
},
{
"category": "vendor_fix",
"details": "Phoenix Contact has calculated different CVSS vectors from those in the Vulnerability Overview section. See the Phoenix Contact or CERT@VDE advisory for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Phoenix Contact recommends those using dongle-based licensing to update to WibuKey Version 6.50 or newer. MEVIEW3 Versions 3.14.25 and 3.15.18 will include Version 6.50 of WibuKey. For those using hardware code-based licensing, Phoenix Contact recommends removing the WibuKey application. For detailed information, the Phoenix Contact MEVIEW3 security advisory can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://www.phoenixcontact.com/psirt",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
},
{
"category": "vendor_fix",
"details": "CERT@VDE has also published an advisory for the Phoenix Contact MEVIEW3 at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "https://cert.vde.com/de-de/advisories/vde-2019-003",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
],
"url": "https://www.phoenixcontact.com/psirt"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
]
}
]
}
VAR-201902-0658
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains an information disclosure vulnerability.Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. WibuKey versions prior to 6.50 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0658",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wibukey",
"scope": "eq",
"trust": 1.0,
"vendor": "wibu",
"version": "6.40"
},
{
"model": "wibukey",
"scope": "eq",
"trust": 0.8,
"vendor": "wibu",
"version": "6.40 (build 2400)"
},
{
"model": "ag wibukey",
"scope": "eq",
"trust": 0.3,
"vendor": "wibu",
"version": "0"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2307.20"
},
{
"model": "sicam",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2300"
},
{
"model": "ag wibukey",
"scope": "ne",
"trust": 0.3,
"vendor": "wibu",
"version": "6.50"
}
],
"sources": [
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:wibu:wibukey:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.,Siemens and BSI Germany reported these vulnerabilities to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
},
"cve": "CVE-2018-3989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-3989",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-3989",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3989",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3989",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-864",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-3989",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys Contains an information disclosure vulnerability.Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information, to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. \nWibuKey versions prior to 6.50 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "VULMON",
"id": "CVE-2018-3989"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3989",
"trust": 2.8
},
{
"db": "TALOS",
"id": "TALOS-2018-0657",
"trust": 2.5
},
{
"db": "BID",
"id": "107005",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-03",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-844562",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-902727",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-760124",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0445.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-3989",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"id": "VAR-201902-0658",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5969863
},
"last_update_date": "2023-12-18T12:28:31.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WibuKey",
"trust": 0.8,
"url": "https://www.wibu.com/products/wibukey.html"
},
{
"title": "Wibu-Systems WibuKey Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88048"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=94e0234dc40d4012c749057122b199d5"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=65c9c9afcea0dc3f263138e8aeec5fa0"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=cb657546b0a1dbe8012ab3dbcfb9d8a6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/107005"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0657"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3989"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/"
},
{
"trust": 0.9,
"url": "https://www.wibu.com/products.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3989"
},
{
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-03-0"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/siemens-simatic-wincc-oa-multiple-vulnerabilities-via-wibukey-drm-28614"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75498"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"db": "BID",
"id": "107005"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"date": "2019-02-05T23:29:00.310000",
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-3989"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107005"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014594"
},
{
"date": "2022-04-19T18:15:37.227000",
"db": "NVD",
"id": "CVE-2018-3989"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WIBU-SYSTEMS WibuKey.sys Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-864"
}
],
"trust": 0.6
}
}
VDE-2019-003
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-03-05 10:35 - Updated: 2025-05-14 13:00Summary
PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3
Notes
Summary: Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18
Impact: **Remote Code Execution Vulnerability:**
WIBU-SYSTEMS WibuKey network server management remote code execution vulnerability. The vulnerability affects all operating systems...
**Privilege Escalation Vulnerability:**
WIBU-SYSTEMS WibuKey.sys pool has a corruption privilege escalation vulnerability. The vulnerability affects Windows systems...
Mitigation: 1. Dongle based licensing:
Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)
2. Hardwarecode-based licensing:
Removing the WibuKey application.
For further information please refer to:
[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Remediation: WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.
9.8 (Critical)
Vendor Fix
WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
Mitigation
1. Dongle based licensing:
Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)
2. Hardwarecode-based licensing:
Removing the WibuKey application.
For further information please refer to:
[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — |
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — |
An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.
7.8 (High)
Vendor Fix
WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
Mitigation
1. Dongle based licensing:
Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)
2. Hardwarecode-based licensing:
Removing the WibuKey application.
For further information please refer to:
[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — |
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — |
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
5.5 (Medium)
Vendor Fix
WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
Mitigation
1. Dongle based licensing:
Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)
2. Hardwarecode-based licensing:
Removing the WibuKey application.
For further information please refer to:
[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — |
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — |
References
3 references
Acknowledgments
CERT@VDE
certvde.com
WIBU-SYSTEMS AG
www.wibu.com/
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "WIBU-SYSTEMS AG",
"summary": "reporting",
"urls": [
"https://www.wibu.com/"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18",
"title": "Summary"
},
{
"category": "description",
"text": "**Remote Code Execution Vulnerability:**\nWIBU-SYSTEMS WibuKey network server management remote code execution vulnerability. The vulnerability affects all operating systems...\n\n**Privilege Escalation Vulnerability:**\nWIBU-SYSTEMS WibuKey.sys pool has a corruption privilege escalation vulnerability. The vulnerability affects Windows systems...",
"title": "Impact"
},
{
"category": "description",
"text": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
"title": "Mitigation"
},
{
"category": "description",
"text": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact"
},
{
"category": "self",
"summary": "VDE-2019-003: PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2019-003"
},
{
"category": "self",
"summary": "VDE-2019-003: PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3 - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-003.json"
}
],
"title": "PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3",
"tracking": {
"aliases": [
"VDE-2019-003"
],
"current_release_date": "2025-05-14T13:00:14.000Z",
"generator": {
"date": "2024-08-01T11:43:13.376Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.9"
}
},
"id": "VDE-2019-003",
"initial_release_date": "2019-03-05T10:35:00.000Z",
"revision_history": [
{
"date": "2019-03-05T10:35:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2024-11-06T11:27:01.000Z",
"number": "2",
"summary": "Fix: correct certvde domain, added alias, added self-reference"
},
{
"date": "2025-05-14T13:00:14.000Z",
"number": "3",
"summary": "Fix: added distribution"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MEVIEW3",
"product": {
"name": "MEVIEW3",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.14.25",
"product": {
"name": "Firmware \u003c3.14.25",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c3.15.18",
"product": {
"name": "Firmware \u003c3.15.18",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version",
"name": "3.14.25",
"product": {
"name": "Firmware 3.14.25",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "3.15.18",
"product": {
"name": "Firmware 3.15.18",
"product_id": "CSAFPID-22002"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.14.25 installed on MEVIEW3",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c3.15.18 installed on MEVIEW3",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.14.25 installed on MEVIEW3",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 3.15.18 installed on MEVIEW3",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-3991",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2018-3991"
},
{
"cve": "CVE-2018-3990",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2018-3990"
},
{
"cve": "CVE-2018-3989",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "mitigation",
"details": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2018-3989"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…