cve-2018-20749

Vulnerability from cvelistv5

Published

2019-01-30 18:00

Modified

2024-08-05 12:12

Severity ?

Summary

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/106825	Broken Link
cve@mitre.org	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch, Third Party Advisory
cve@mitre.org	https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707	Patch, Third Party Advisory
cve@mitre.org	https://github.com/LibVNC/libvncserver/issues/273	Issue Tracking, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List, Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3877-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4547-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4587-1/	Third Party Advisory
cve@mitre.org	https://www.openwall.com/lists/oss-security/2018/12/10/8	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106825	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/LibVNC/libvncserver/issues/273	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3877-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4547-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4587-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2018/12/10/8	Exploit, Mailing List, Third Party Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:12:27.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
          },
          {
            "name": "106825",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106825"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/LibVNC/libvncserver/issues/273"
          },
          {
            "name": "USN-3877-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3877-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2018/12/10/8"
          },
          {
            "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
          },
          {
            "name": "USN-4547-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4547-1/"
          },
          {
            "name": "USN-4587-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4587-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-14T13:06:35",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
        },
        {
          "name": "106825",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106825"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/LibVNC/libvncserver/issues/273"
        },
        {
          "name": "USN-3877-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3877-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2018/12/10/8"
        },
        {
          "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
        },
        {
          "name": "USN-4547-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4547-1/"
        },
        {
          "name": "USN-4587-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4587-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
            },
            {
              "name": "106825",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106825"
            },
            {
              "name": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707",
              "refsource": "MISC",
              "url": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
            },
            {
              "name": "https://github.com/LibVNC/libvncserver/issues/273",
              "refsource": "MISC",
              "url": "https://github.com/LibVNC/libvncserver/issues/273"
            },
            {
              "name": "USN-3877-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3877-1/"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2018/12/10/8",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/8"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4547-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4547-1/"
            },
            {
              "name": "USN-4587-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4587-1/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-20749",
    "datePublished": "2019-01-30T18:00:00",
    "dateReserved": "2019-01-30T00:00:00",
    "dateUpdated": "2024-08-05T12:12:27.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-20749\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-01-30T18:29:00.410\",\"lastModified\":\"2024-11-21T04:02:05.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.\"},{\"lang\":\"es\",\"value\":\"LibVNC, en versiones anteriores a la 0.9.12, contiene una vulnerabilidad de escritura fuera de l\u00edmites en la memoria din\u00e1mica (heap) en libvncserver/rfbserver.c. La soluci\u00f3n para CVE-2018-15127 era incompleta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.9.12\",\"matchCriteriaId\":\"DEF1BF44-78B8-44E3-9A5A-29AB8111322B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0.0\",\"versionEndExcluding\":\"3.2.1.0\",\"matchCriteriaId\":\"3A664216-EEA0-423F-8E11-59C746FDEEFE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9596C8CD-B03F-4E9D-82AB-0986FDD1B47C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0.0\",\"versionEndExcluding\":\"3.2.1.0\",\"matchCriteriaId\":\"CD78291E-48D8-4718-AE14-BDF93BD557D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BB898D3-07A3-42A1-8F1B-53C3B005982D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0.0\",\"versionEndExcluding\":\"3.2.1.0\",\"matchCriteriaId\":\"AD1209DE-2724-493D-8276-1BE959BFE6BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A9143A6-A93A-45CA-8A1F-6EE30647B54A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0.0\",\"versionEndExcluding\":\"3.2.1.0\",\"matchCriteriaId\":\"92F7FC17-F19F-4BD6-9704-49B67D22B532\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D34BD13-4E71-48A2-851D-AE7CE2A03C28\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0.0\",\"versionEndExcluding\":\"3.2.1.0\",\"matchCriteriaId\":\"FE4A6F13-385B-4A13-B8D8-3BBC4E9D5B67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E63E423-7450-4043-B33B-3FFF5BBE1CB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0.0\",\"versionEndExcluding\":\"3.2.1.0\",\"matchCriteriaId\":\"71A51CA4-1A62-47BC-99A3-4DC9F3986FF5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD278558-AB0E-4FC1-9E5B-6B57D29CB86A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106825\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/LibVNC/libvncserver/issues/273\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3877-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4547-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4587-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2018/12/10/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/LibVNC/libvncserver/issues/273\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3877-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4547-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4587-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2018/12/10/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to LibVNCServer 0.9.12 are vulnerable. Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability). ========================================================================== Ubuntu Security Notice USN-4547-1 September 28, 2020

italc vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in iTALC.

Software Description: - italc: didact tool which allows teachers to view and control computer labs

Details:

It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681)

It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. (CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS: italc-client 1:3.0.3+dfsg1-3ubuntu0.1 italc-master 1:3.0.3+dfsg1-3ubuntu0.1 libitalccore 1:3.0.3+dfsg1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References: https://usn.ubuntu.com/4547-1 CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681

Package Information: https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1

-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1643",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic itc2200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "libvncserver",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "libvnc",
        "version": "0.9.12"
      },
      {
        "model": "simatic itc1500 pro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "simatic itc2200 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1900 pro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "simatic itc2200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "simatic itc1900",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "simatic itc1500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "simatic itc2200 pro",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "simatic itc1900 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1500 pro",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1900",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "simatic itc1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.2.1.0"
      },
      {
        "model": "ubuntu",
        "scope": null,
        "trust": 0.8,
        "vendor": "canonical",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "libvncserver",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "libvnc",
        "version": "0.9.12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server update services for sap solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.6"
      },
      {
        "model": "enterprise linux server extended update support",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux for power little endian extended update supp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "-7.6"
      },
      {
        "model": "enterprise linux for power little endian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux for power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "97"
      },
      {
        "model": "enterprise linux for arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "647"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "libvncserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libvncserver",
        "version": "0.9.11"
      },
      {
        "model": "libvncserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libvncserver",
        "version": "0.9.10"
      },
      {
        "model": "libvncserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libvncserver",
        "version": "0.9.9"
      },
      {
        "model": "libvncserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "libvncserver",
        "version": "0.9.8"
      },
      {
        "model": "libvncserver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "libvncserver",
        "version": "0.9.12"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:debian:debian_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:libvncserver_project:libvncserver",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Solar Designer",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-20749",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-20749",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-20749",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-20749",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-20749",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-20749",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-1017",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. \nVersions prior to LibVNCServer 0.9.12 are vulnerable. \nNote: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability). ==========================================================================\nUbuntu Security Notice USN-4547-1\nSeptember 28, 2020\n\nitalc vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in iTALC. \n\nSoftware Description:\n- italc: didact tool which allows teachers to view and control computer labs\n\nDetails:\n\nIt was discovered that an information disclosure vulnerability existed in the\nLibVNCServer vendored in iTALC when sending a ServerCutText message. An\nattacker could possibly use this issue to expose sensitive information. \n(CVE-2019-15681)\n\nIt was discovered that the LibVNCServer and LibVNCClient vendored in iTALC\nincorrectly handled certain packet lengths. \n(CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,\nCVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,\nCVE-2018-7225, CVE-2019-15681)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n  italc-client                    1:3.0.3+dfsg1-3ubuntu0.1\n  italc-master                    1:3.0.3+dfsg1-3ubuntu0.1\n  libitalccore                    1:3.0.3+dfsg1-3ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://usn.ubuntu.com/4547-1\n  CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021,\n  CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748,\n  CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-20749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "BID",
        "id": "106825"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-20749",
        "trust": 2.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2018/12/10/8",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "106825",
        "trust": 1.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-390195",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159308",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3625",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3329.2",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4032",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3329",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0460",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121649",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "id": "VAR-201901-1643",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.33603895
  },
  "last_update_date": "2024-11-23T19:27:09.066000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[SECURITY] [DLA 1652-1] libvncserver security update",
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
      },
      {
        "title": "Error out in rfbProcessFileTransferReadBuffer if length can not be al\u2026",
        "trust": 0.8,
        "url": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
      },
      {
        "title": "USN-3877-1",
        "trust": 0.8,
        "url": "https://usn.ubuntu.com/3877-1/"
      },
      {
        "title": "LibVNC Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89047"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.securityfocus.com/bid/106825"
      },
      {
        "trust": 2.7,
        "url": "https://www.openwall.com/lists/oss-security/2018/12/10/8"
      },
      {
        "trust": 1.9,
        "url": "https://github.com/libvnc/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
      },
      {
        "trust": 1.9,
        "url": "https://usn.ubuntu.com/3877-1/"
      },
      {
        "trust": 1.9,
        "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
      },
      {
        "trust": 1.9,
        "url": "https://github.com/libvnc/libvncserver/issues/273"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4587-1/"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://usn.ubuntu.com/4547-1/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20749"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20749"
      },
      {
        "trust": 0.6,
        "url": "https://security-tracker.debian.org/tracker/dla-1979-1"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3329/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3625/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75562"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159308/ubuntu-security-notice-usn-4547-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121649"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4032/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3329.2/"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/libvnc/libvncserver"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/libvnc/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20749"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15681"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20024"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15127"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20022"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4547-1"
      },
      {
        "trust": 0.1,
        "url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7225"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "106825"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-31T00:00:00",
        "db": "BID",
        "id": "106825"
      },
      {
        "date": "2019-03-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "date": "2020-09-28T20:30:26",
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "date": "2019-01-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      },
      {
        "date": "2019-01-30T18:29:00.410000",
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-31T00:00:00",
        "db": "BID",
        "id": "106825"
      },
      {
        "date": "2019-03-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      },
      {
        "date": "2021-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      },
      {
        "date": "2024-11-21T04:02:05.370000",
        "db": "NVD",
        "id": "CVE-2018-20749"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159308"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "LibVNC Vulnerable to out-of-bounds writing",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014091"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-1017"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-20749

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Aliases

CVE-2018-20749

Aliases

CVE-2018-20749

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-20749",
    "description": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.",
    "id": "GSD-2018-20749",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-20749.html",
      "https://ubuntu.com/security/CVE-2018-20749",
      "https://advisories.mageia.org/CVE-2018-20749.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-20749"
      ],
      "details": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.",
      "id": "GSD-2018-20749",
      "modified": "2023-12-13T01:22:29.471256Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-20749",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
          },
          {
            "name": "106825",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106825"
          },
          {
            "name": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707",
            "refsource": "MISC",
            "url": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
          },
          {
            "name": "https://github.com/LibVNC/libvncserver/issues/273",
            "refsource": "MISC",
            "url": "https://github.com/LibVNC/libvncserver/issues/273"
          },
          {
            "name": "USN-3877-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3877-1/"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2018/12/10/8",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2018/12/10/8"
          },
          {
            "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
          },
          {
            "name": "USN-4547-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4547-1/"
          },
          {
            "name": "USN-4587-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4587-1/"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.2.1.0",
                    "versionStartIncluding": "3.0.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-20749"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2018/12/10/8",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2018/12/10/8"
            },
            {
              "name": "https://github.com/LibVNC/libvncserver/issues/273",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/LibVNC/libvncserver/issues/273"
            },
            {
              "name": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
            },
            {
              "name": "USN-3877-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3877-1/"
            },
            {
              "name": "[debian-lts-announce] 20190131 [SECURITY] [DLA 1652-1] libvncserver security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
            },
            {
              "name": "106825",
              "refsource": "BID",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.securityfocus.com/bid/106825"
            },
            {
              "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
            },
            {
              "name": "USN-4547-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4547-1/"
            },
            {
              "name": "USN-4587-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4587-1/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-03-09T21:54Z",
      "publishedDate": "2019-01-30T18:29Z"
    }
  }
}

icsa-21-350-12

Vulnerability from csaf_cisa

Published

2021-12-16 00:00

Modified

2021-12-16 00:00

Summary

Siemens SIMATIC ITC

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these LibVNC vulnerabilities could allow remote code execution, information disclosure, and denial-of-service attacks.

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these LibVNC vulnerabilities could allow remote code execution, information disclosure, and denial-of-service attacks.",
        "title": "Risk evaluation"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SSA-390195: LibVNC Vulnerabilities in SIMATIC ITC Products - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-390195.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-350-12 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-350-12.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-21-350-12 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-350-12"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "SSA-390195: LibVNC Vulnerabilities in SIMATIC ITC Products - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
      },
      {
        "category": "external",
        "summary": "SSA-390195: LibVNC Vulnerabilities in SIMATIC ITC Products - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-390195.txt"
      }
    ],
    "title": "Siemens SIMATIC ITC",
    "tracking": {
      "current_release_date": "2021-12-16T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-21-350-12",
      "initial_release_date": "2021-12-16T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-12-16T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-21-350-12 Siemens SIMATIC ITC"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.2.1.0",
                "product": {
                  "name": "SIMATIC ITC1500 V3",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ITC1500 V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.2.1.0",
                "product": {
                  "name": "SIMATIC ITC1500 V3 PRO",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ITC1500 V3 PRO"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.2.1.0",
                "product": {
                  "name": "SIMATIC ITC1900 V3",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ITC1900 V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.2.1.0",
                "product": {
                  "name": "SIMATIC ITC1900 V3 PRO",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ITC1900 V3 PRO"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.2.1.0",
                "product": {
                  "name": "SIMATIC ITC2200 V3",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ITC2200 V3"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.2.1.0",
                "product": {
                  "name": "SIMATIC ITC2200 V3 PRO",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC ITC2200 V3 PRO"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-18922",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2017-18922 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2017-18922 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2017-18922 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2017-18922 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2017-18922 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2017-18922 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2017-18922 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2017-18922.json"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18922"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20019"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20748"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20749"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20750"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21247"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15681"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15690"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20788"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20839"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20840"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14396"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14397"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14398"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14401"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14402"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14403"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14404"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14405"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2017-18922"
    },
    {
      "cve": "CVE-2018-20019",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2018-20019 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20019 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20019 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20019 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20019 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20019 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20019 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2018-20019.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2018-20019"
    },
    {
      "cve": "CVE-2018-20748",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2018-20748 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20748 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20748 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20748 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20748 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20748 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20748 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2018-20748.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2018-20748"
    },
    {
      "cve": "CVE-2018-20749",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2018-20749 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20749 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20749 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20749 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20749 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20749 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20749 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2018-20749.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2018-20749"
    },
    {
      "cve": "CVE-2018-20750",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2018-20750 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20750 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20750 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20750 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20750 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20750 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-20750 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2018-20750.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2018-20750"
    },
    {
      "cve": "CVE-2018-21247",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2018-21247 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-21247 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-21247 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-21247 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-21247 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-21247 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2018-21247 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2018-21247.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2018-21247"
    },
    {
      "cve": "CVE-2019-15681",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2019-15681 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15681 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15681 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15681 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15681 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15681 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15681 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-15681.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2019-15681"
    },
    {
      "cve": "CVE-2019-15690",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2019-15690 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15690 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15690 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15690 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15690 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15690 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-15690 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-15690.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2019-15690"
    },
    {
      "cve": "CVE-2019-20788",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2019-20788 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20788 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20788 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20788 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20788 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20788 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20788 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-20788.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2019-20788"
    },
    {
      "cve": "CVE-2019-20839",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2019-20839 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20839 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20839 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20839 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20839 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20839 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20839 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-20839.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2019-20839"
    },
    {
      "cve": "CVE-2019-20840",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2019-20840 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20840 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20840 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20840 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20840 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20840 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2019-20840 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2019-20840.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2019-20840"
    },
    {
      "cve": "CVE-2020-14396",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14396 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14396 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14396 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14396 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14396 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14396 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14396 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14396.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14396"
    },
    {
      "cve": "CVE-2020-14397",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14397 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14397 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14397 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14397 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14397 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14397 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14397 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14397.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14397"
    },
    {
      "cve": "CVE-2020-14398",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14398 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14398 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14398 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14398 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14398 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14398 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14398 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14398.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14398"
    },
    {
      "cve": "CVE-2020-14401",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14401 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14401 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14401 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14401 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14401 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14401 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14401 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14401.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14401"
    },
    {
      "cve": "CVE-2020-14402",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14402 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14402 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14402 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14402 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14402 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14402 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14402 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14402.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14402"
    },
    {
      "cve": "CVE-2020-14403",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14403 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14403 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14403 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14403 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14403 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14403 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14403 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14403.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14403"
    },
    {
      "cve": "CVE-2020-14404",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14404 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14404 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14404 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14404 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14404 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14404 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14404 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14404.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14404"
    },
    {
      "cve": "CVE-2020-14405",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2020-14405 - SIMATIC ITC1500 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14405 - SIMATIC ITC1500 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14405 - SIMATIC ITC1900 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14405 - SIMATIC ITC1900 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14405 - SIMATIC ITC2200 V3",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14405 - SIMATIC ITC2200 V3 PRO",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "summary": "CVE-2020-14405 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2020-14405.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.2.1.0 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109804128/"
        },
        {
          "category": "mitigation",
          "details": "Monitor and restrict access to port 5900/tcp to trusted IP addresses only",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2020-14405"
    }
  ]
}

ghsa-r6jv-7mgh-x66r

Vulnerability from github

Published

2022-05-13 01:03

Modified

2022-05-13 01:03

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-20749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-30T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.",
  "id": "GHSA-r6jv-7mgh-x66r",
  "modified": "2022-05-13T01:03:09Z",
  "published": "2022-05-13T01:03:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20749"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibVNC/libvncserver/issues/273"
    },
    {
      "type": "WEB",
      "url": "https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3877-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4547-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4587-1"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2018/12/10/8"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106825"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2018-20749

Vulnerability from cvelistv5

var-201901-1643

Vulnerability from variot

italc vulnerabilities

gsd-2018-20749

Vulnerability from gsd

icsa-21-350-12

Vulnerability from csaf_cisa

ghsa-r6jv-7mgh-x66r

Vulnerability from github

Tags

Sightings

Nomenclature