返回 CVE 瀏覽器

CVE-2018-3991

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0810%

EPSS Percentile1.87th

Published2019年2月5日

Last Modified2024年11月21日

Vulnerability Description

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

Affected Platforms (CPE)

📦

Wibu

Wibukey

= 6.40.2402.500

💻

Siemens

Simatic Wincc Open Architecture

= 3.14

💻

Siemens

Simatic Wincc Open Architecture

= 3.15

💻

Siemens

Simatic Wincc Open Architecture

= 3.16

References & Advisories

🔗 http://www.securityfocus.com/bid/107005

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659

🔗 http://www.securityfocus.com/bid/107005

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf

相關漏洞威脅

CVE-2021-478107.8

WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to pot...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...