CVE-2019-8273

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
Configurations

Configuration 1 (hide)

cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:siemens:sinumerik_access_mymachine\/p2p:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\/ipc:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\/ipc:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:49

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf - Third Party Advisory
References () https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/ - Third Party Advisory () https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/ - Third Party Advisory
References () https://www.us-cert.gov/ics/advisories/icsa-20-161-06 - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsa-20-161-06 - Third Party Advisory, US Government Resource

Information

Published : 2019-03-08 23:29

Updated : 2024-11-21 04:49


NVD link : CVE-2019-8273

Mitre link : CVE-2019-8273

CVE.ORG link : CVE-2019-8273


JSON object : View

Products Affected

siemens

  • sinumerik_pcu_base_win7_software\/ipc
  • sinumerik_access_mymachine\/p2p
  • sinumerik_pcu_base_win10_software\/ipc

uvnc

  • ultravnc
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write