CVE-2019-8280
Summary
| CVE | CVE-2019-8280 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-08 23:29:00 UTC |
| Updated | 2021-06-28 13:15:00 UTC |
| Description | UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204. |
Risk And Classification
Problem Types: CWE-125 | CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| KLCERT-19-009: UltraVNC Access of Memory Location After End of Buffer | Kaspersky ICS CERT | MISC | ics-cert.kaspersky.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | CONFIRM | cert-portal.siemens.com | |
| Siemens SIMATIC UltraVNC HMI WinCC Products | CISA | MISC | us-cert.cisa.gov | |
| Siemens SINUMERIK | CISA | MISC | www.us-cert.gov | |
| cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf | CONFIRM | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.