CVE-2019-8262
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
05/03/2019
Last modified:
28/06/2021
Description
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:* | 1.2.2.3 (excluding) | |
| cpe:2.3:a:siemens:sinumerik_access_mymachine\/p2p:*:*:*:*:*:*:*:* | 4.8 (excluding) | |
| cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\/ipc:*:*:*:*:*:*:*:* | 14.00 (excluding) | |
| cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\/ipc:*:*:*:*:*:*:*:* | 12.01 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06