CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11497

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile24.56th
PublishedOct 3, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.

Affected Platforms (CPE)

πŸ“¦
Gemalto

Sentinel Ldk Rte

= 2.10
πŸ“¦
Gemalto

Sentinel Ldk Rte

= 3.0
πŸ“¦
Gemalto

Sentinel Ldk Rte

= 7.1
πŸ“¦
Gemalto

Sentinel Ldk Rte

= 7.50

References & Advisories

πŸ”— http://www.securityfocus.com/bid/102739
πŸ”— http://www.securityfocus.com/bid/102906
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
πŸ”— https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
πŸ”— https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx
πŸ”— http://www.securityfocus.com/bid/102739

Related Vulnerabilities

CVE-2017-128229.9

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK...

CVE-2017-128219.8

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might caus...

CVE-2017-128199.8

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and...

CVE-2017-128207.5

Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Senti...