{"api_version":"1","generated_at":"2026-04-23T11:34:15+00:00","cve":"CVE-2019-8262","urls":{"html":"https://cve.report/CVE-2019-8262","api":"https://cve.report/api/cve/CVE-2019-8262.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-8262","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-8262"},"summary":{"title":"CVE-2019-8262","description":"UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.","state":"PUBLIC","assigner":"vulnerability@kaspersky.com","published_at":"2019-03-05 15:29:00","updated_at":"2021-06-28 12:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"0"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11","name":"https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11","refsource":"MISC","tags":[],"title":"Siemens SIMATIC UltraVNC HMI WinCC Products | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-161-06","name":"https://www.us-cert.gov/ics/advisories/icsa-20-161-06","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Siemens SINUMERIK | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf","refsource":"CONFIRM","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf","refsource":"CONFIRM","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/","name":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/","refsource":"MISC","tags":["Third Party Advisory"],"title":"KLCERT-19-008: UltraVNC Heap-based Buffer Overflow | Kaspersky ICS CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-8262","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8262","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_access_mymachine/p2p","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_access_mymachine\\/p2p","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_access_mymachine\\/p2p","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_pcu_base_win10_software/ipc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_pcu_base_win10_software\\/ipc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_pcu_base_win10_software\\/ipc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"12.01","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_pcu_base_win7_software/ipc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"12.01","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinumerik_pcu_base_win7_software\\/ipc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"uvnc","cpe5":"ultravnc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"8262","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"uvnc","cpe5":"ultravnc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-8262","qid":"590701","title":"Siemens SINAMICS Medium Voltage Products Remote Access (Update B) Multiple Vulnerabilities (ICSA-21-131-04) (ssa-286838)"},{"cve":"CVE-2019-8262","qid":"590854","title":"Schneider Electric TelevisGo Multiple Vulnerabilities (SEVD-2019-225-05)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"vulnerability@kaspersky.com","DATE_PUBLIC":"2019-03-01T00:00:00","ID":"CVE-2019-8262","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"UltraVNC","version":{"version_data":[{"version_value":"1.2.2.3"}]}}]},"vendor_name":"UltraVNC"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-122: Heap-based Buffer Overflow"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/","refsource":"MISC","url":"https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-008-ultravnc-heap-based-buffer-overflow/"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"},{"refsource":"MISC","name":"https://www.us-cert.gov/ics/advisories/icsa-20-161-06","url":"https://www.us-cert.gov/ics/advisories/icsa-20-161-06"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"},{"refsource":"MISC","name":"https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11","url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"}]}},"nvd":{"publishedDate":"2019-03-05 15:29:00","lastModifiedDate":"2021-06-28 12:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.2.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\\/ipc:*:*:*:*:*:*:*:*","versionEndIncluding":"12.01","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\\/ipc:*:*:*:*:*:*:*:*","versionEndExcluding":"14.00","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinumerik_access_mymachine\\/p2p:*:*:*:*:*:*:*:*","versionEndExcluding":"4.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"8262","Ordinal":"146095","Title":"CVE-2019-8262","CVE":"CVE-2019-8262","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"8262","Ordinal":"1","NoteData":"UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"8262","Ordinal":"2","NoteData":"2019-03-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"8262","Ordinal":"3","NoteData":"2021-06-28","Type":"Other","Title":"Modified"}]}}}