← Back to CVEs
CVE-2019-8275
CRITICAL9.8
Description
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/8/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
siemens:sinumerik_access_mymachine\/p2psiemens:sinumerik_pcu_base_win10_software\/ipcsiemens:sinumerik_pcu_base_win7_software\/ipcuvnc:ultravnc
Weaknesses (CWE)
CWE-170
References
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf(vulnerability@kaspersky.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf(vulnerability@kaspersky.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf(vulnerability@kaspersky.com)
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/(vulnerability@kaspersky.com)
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11(vulnerability@kaspersky.com)
https://www.us-cert.gov/ics/advisories/icsa-20-161-06(vulnerability@kaspersky.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/(af854a3a-2127-422b-91ae-364da2661108)
https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11(af854a3a-2127-422b-91ae-364da2661108)
https://www.us-cert.gov/ics/advisories/icsa-20-161-06(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.