Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-157
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SCADA Siemens Building Technologies. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SiteIQ Analytics V1.1, V1.2, and V1.3 | ||
| Siemens | N/A | Desigo XWP V5.00.204, V5.00.260, V5.10.142, V5.10.212, V6.00.184, V6.00.342 et V6.10.172 | ||
| Siemens | N/A | Annual Shading V1.0.4 et V1.1 | ||
| Siemens | N/A | License Management System (LMS) toutes versions antérieures à V2.1 SP3 (2.1.670) | ||
| Siemens | N/A | Siveillance Identity V1.1 | ||
| Siemens | N/A | Desigo ABT MP1.1 Build 845, MP1.15 Build 360, MP1.16 Build 055, MP1.2 Build 850, MP1.2.1 Build 318 et MP2.1 Build 965 | ||
| Siemens | N/A | Desigo CC MP1.1, MP2.0, MP2.1 et MP3.0 | ||
| Siemens | N/A | Desigo Configuration Manager (DCM) V6.10.140 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SiteIQ Analytics V1.1, V1.2, and V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo XWP V5.00.204, V5.00.260, V5.10.142, V5.10.212, V6.00.184, V6.00.342 et V6.10.172",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Annual Shading V1.0.4 et V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "License Management System (LMS) toutes versions ant\u00e9rieures \u00e0 V2.1 SP3 (2.1.670)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Identity V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo ABT MP1.1 Build 845, MP1.15 Build 360, MP1.16 Build 055, MP1.2 Build 850, MP1.2.1 Build 318 et MP2.1 Build 965",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC MP1.1, MP2.0, MP2.1 et MP3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo Configuration Manager (DCM) V6.10.140",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-11496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11496"
},
{
"name": "CVE-2017-12822",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12822"
},
{
"name": "CVE-2017-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12818"
},
{
"name": "CVE-2017-11498",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11498"
},
{
"name": "CVE-2017-12820",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12820"
},
{
"name": "CVE-2017-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12819"
},
{
"name": "CVE-2017-12821",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12821"
},
{
"name": "CVE-2017-11497",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11497"
}
],
"initial_release_date": "2018-03-29T00:00:00",
"last_revision_date": "2018-03-29T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-157",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-03-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SCADA\nSiemens Building Technologies. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SCADA Siemens Building Technologies",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-727467 du 28 mars 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
}
]
}
CVE-2017-12821 (GCVE-0-2017-12821)
Vulnerability from cvelistv5
Published
2017-10-03 13:00
Modified
2024-09-17 04:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory corruption might cause remote code execution
Summary
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gemalto | Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE |
Version: 7.55 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"vendor": "Gemalto",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory corruption in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory corruption might cause remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-12821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Gemalto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory corruption might cause remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102906"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2017-12821",
"datePublished": "2017-10-03T13:00:00Z",
"dateReserved": "2017-08-11T00:00:00",
"dateUpdated": "2024-09-17T04:10:00.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11496 (GCVE-0-2017-11496)
Vulnerability from cvelistv5
Published
2017-10-02 21:00
Modified
2024-08-05 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/alerts/2017/07/28/multiple-vulnerabilities-found-in-popular-license-manager/"
},
{
"name": "102739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102739"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/alerts/2017/07/28/multiple-vulnerabilities-found-in-popular-license-manager/"
},
{
"name": "102739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102739"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102906"
},
{
"name": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx",
"refsource": "MISC",
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"name": "https://ics-cert.kaspersky.com/alerts/2017/07/28/multiple-vulnerabilities-found-in-popular-license-manager/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/alerts/2017/07/28/multiple-vulnerabilities-found-in-popular-license-manager/"
},
{
"name": "102739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102739"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11496",
"datePublished": "2017-10-02T21:00:00",
"dateReserved": "2017-07-20T00:00:00",
"dateUpdated": "2024-08-05T18:12:39.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12818 (GCVE-0-2017-12818)
Vulnerability from cvelistv5
Published
2017-10-03 13:00
Modified
2024-09-16 20:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Stack overflow in custom XML-parser leads to remote denial of service
Summary
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gemalto | Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE |
Version: 7.55 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-004-sentinel-ldk-rte-stack-overflow-in-custom-xml-parser-leads-to-remote-denial-of-service/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"vendor": "Gemalto",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack overflow in custom XML-parser in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack overflow in custom XML-parser leads to remote denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-004-sentinel-ldk-rte-stack-overflow-in-custom-xml-parser-leads-to-remote-denial-of-service/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-12818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Gemalto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack overflow in custom XML-parser in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack overflow in custom XML-parser leads to remote denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-004-sentinel-ldk-rte-stack-overflow-in-custom-xml-parser-leads-to-remote-denial-of-service/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-004-sentinel-ldk-rte-stack-overflow-in-custom-xml-parser-leads-to-remote-denial-of-service/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2017-12818",
"datePublished": "2017-10-03T13:00:00Z",
"dateReserved": "2017-08-11T00:00:00",
"dateUpdated": "2024-09-16T20:47:00.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12819 (GCVE-0-2017-12819)
Vulnerability from cvelistv5
Published
2017-10-03 13:00
Modified
2024-09-17 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote manipulations with language pack updater lead to NTLM-relay attack for system user
Summary
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gemalto | Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE |
Version: 7.55 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"vendor": "Gemalto",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote manipulations with language pack updater lead to NTLM-relay attack for system user",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-12819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Gemalto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote manipulations with language pack updater lead to NTLM-relay attack for system user"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-005-sentinel-ldk-rte-remote-manipulations-with-language-pack-updater-lead-to-ntlm-relay-attack-for-system-user/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2017-12819",
"datePublished": "2017-10-03T13:00:00Z",
"dateReserved": "2017-08-11T00:00:00",
"dateUpdated": "2024-09-17T03:07:04.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11497 (GCVE-0-2017-11497)
Vulnerability from cvelistv5
Published
2017-10-02 21:00
Modified
2024-08-05 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"name": "102739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102739"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"name": "102739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102739"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102906"
},
{
"name": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx",
"refsource": "MISC",
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"name": "102739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102739"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11497",
"datePublished": "2017-10-02T21:00:00",
"dateReserved": "2017-07-20T00:00:00",
"dateUpdated": "2024-08-05T18:12:40.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12820 (GCVE-0-2017-12820)
Vulnerability from cvelistv5
Published
2017-10-03 13:00
Modified
2024-09-17 04:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary memory read from controlled memory pointer leads to remote denial of service
Summary
Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gemalto | Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE |
Version: 7.55 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"vendor": "Gemalto",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary memory read from controlled memory pointer in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary memory read from controlled memory pointer leads to remote denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-12820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Gemalto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary memory read from controlled memory pointer in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary memory read from controlled memory pointer leads to remote denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-006-sentinel-ldk-rte-arbitrary-memory-read-from-controlled-memory-pointer-leads-to-remote-denial-of-service/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2017-12820",
"datePublished": "2017-10-03T13:00:00Z",
"dateReserved": "2017-08-11T00:00:00",
"dateUpdated": "2024-09-17T04:15:10.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11498 (GCVE-0-2017-11498)
Vulnerability from cvelistv5
Published
2017-10-02 21:00
Modified
2024-08-05 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"
},
{
"name": "102739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102739"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102906"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"
},
{
"name": "102739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102739"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102906"
},
{
"name": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx",
"refsource": "MISC",
"url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/"
},
{
"name": "102739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102739"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11498",
"datePublished": "2017-10-02T21:00:00",
"dateReserved": "2017-07-20T00:00:00",
"dateUpdated": "2024-08-05T18:12:40.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12822 (GCVE-0-2017-12822)
Vulnerability from cvelistv5
Published
2017-10-03 13:00
Modified
2024-09-17 00:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote enabling and disabling admin interface leads to new attack vectors
Summary
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gemalto | Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE |
Version: 7.55 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:06.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"vendor": "Gemalto",
"versions": [
{
"status": "affected",
"version": "7.55"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote enabling and disabling admin interface in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote enabling and disabling admin interface leads to new attack vectors",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T09:57:01",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-12822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
"version": {
"version_data": [
{
"version_value": "7.55"
}
]
}
}
]
},
"vendor_name": "Gemalto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote enabling and disabling admin interface in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote enabling and disabling admin interface leads to new attack vectors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
},
{
"name": "102906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2017-12822",
"datePublished": "2017-10-03T13:00:00Z",
"dateReserved": "2017-08-11T00:00:00",
"dateUpdated": "2024-09-17T00:51:29.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…