CyberSec.Space Logo
Back to CVE Browser

CVE-2018-3991

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0810%
EPSS Percentile1.87th
PublishedFeb 5, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

Affected Platforms (CPE)

πŸ“¦
Wibu

Wibukey

= 6.40.2402.500
πŸ’»
Siemens

Simatic Wincc Open Architecture

= 3.14
πŸ’»
Siemens

Simatic Wincc Open Architecture

= 3.15
πŸ’»
Siemens

Simatic Wincc Open Architecture

= 3.16

References & Advisories

πŸ”— http://www.securityfocus.com/bid/107005
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf
πŸ”— https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659
πŸ”— http://www.securityfocus.com/bid/107005
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf

Related Vulnerabilities

CVE-2021-478107.8

WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to pot...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...