The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Siemens SIMATIC

threat alert CVE-2018-20651

libbfd: NULL pointer dereference via elf_link_add_object_symbols

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via elf_link_add_object_symbols() of libbfd, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 15/10/2019.
Identifiers: CVE-2018-20651, openSUSE-SU-2019:2415-1, openSUSE-SU-2019:2432-1, SSB-439005, SUSE-SU-2019:2650-1, VIGILANCE-VUL-30625.

threat announce CVE-2019-10937

SIMATIC TDC CP51M1: denial of service via UDP

Synthesis of the vulnerability

An attacker can send malicious UDP packets to SIMATIC TDC CP51M1, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 10/09/2019.
Identifiers: CERTFR-2019-AVI-429, CVE-2019-10937, SSA-250618, VIGILANCE-VUL-30285.

weakness announce CVE-2019-10929 CVE-2019-10943

SIMATIC: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of SIMATIC.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/08/2019.
Identifiers: CERTFR-2019-AVI-385, CVE-2019-10929, CVE-2019-10943, SSA-232418, VIGILANCE-VUL-30052.

computer weakness note CVE-2018-1000876

GNU Binutils: integer overflow via objdump

Synthesis of the vulnerability

An attacker can trigger an integer overflow via objdump of GNU Binutils, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 06/08/2019.
Identifiers: bulletinapr2019, CVE-2018-1000876, openSUSE-SU-2019:2415-1, openSUSE-SU-2019:2432-1, RHSA-2019:2075-01, SSB-439005, SUSE-SU-2019:2650-1, VIGILANCE-VUL-29956.

security threat CVE-2019-10935

Siemens SIMATIC PCS7/WinCC: file upload via DataMonitor

Synthesis of the vulnerability

An attacker can upload a malicious file via DataMonitor on Siemens SIMATIC PCS7/WinCC, in order, for example, to upload a Trojan.
Severity: 2/4.
Creation date: 10/07/2019.
Identifiers: CERTFR-2019-AVI-311, CVE-2019-10935, SSA-121293, VIGILANCE-VUL-29733.

security bulletin CVE-2019-10925 CVE-2019-10926

SIMATIC Ident: information disclosure via Web Session

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Web Session of SIMATIC Ident, in order to obtain sensitive information.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/06/2019.
Identifiers: CERTFR-2019-AVI-256, CVE-2019-10925, CVE-2019-10926, SSA-816980, VIGILANCE-VUL-29519.

cybersecurity bulletin CVE-2018-12126 CVE-2018-12127 CVE-2018-12130

Intel processors: information disclosure via performance measurement

Synthesis of the vulnerability

An attacker can measure the performance of their own process in order to obtain sensitive information about other processes or, if the host is virtualized, about other guest systems.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/05/2019.
Revision date: 15/05/2019.
Identifiers: 1074268, 1103481, CERTFR-2019-AVI-209, CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-213, CERTFR-2019-AVI-215, CERTFR-2019-AVI-217, CERTFR-2019-AVI-229, CERTFR-2019-AVI-230, CERTFR-2019-AVI-233, CERTFR-2019-AVI-311, CERTFR-2019-AVI-458, CERTFR-2019-AVI-489, CTX251995, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, DLA-1787-1, DLA-1789-1, DLA-1789-2, DLA-1799-1, DLA-1799-2, DSA-4444-1, DSA-4447-1, DSA-4447-2, FEDORA-2019-0731828893, FEDORA-2019-1f5832fc0e, FEDORA-2019-640f8d8dd1, FEDORA-2019-6458474bf2, FEDORA-2019-c36afa818c, FEDORA-2019-e6bf55e821, FEDORA-2019-eb08fb0c5f, FG-IR-18-002, FreeBSD-SA-19:07.mds, HPESBHF03933, INTEL-SA-00233, openSUSE-SU-2019:1402-1, openSUSE-SU-2019:1403-1, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1405-1, openSUSE-SU-2019:1407-1, openSUSE-SU-2019:1408-1, openSUSE-SU-2019:1419-1, openSUSE-SU-2019:1420-1, openSUSE-SU-2019:1468-1, openSUSE-SU-2019:1505-1, openSUSE-SU-2019:1805-1, openSUSE-SU-2019:1806-1, PAN-SA-2019-0012, RHSA-2019:1155-01, RHSA-2019:1167-01, RHSA-2019:1168-01, RHSA-2019:1169-01, RHSA-2019:1170-01, RHSA-2019:1171-01, RHSA-2019:1172-01, RHSA-2019:1174-01, RHSA-2019:1175-01, RHSA-2019:1176-01, RHSA-2019:1177-01, RHSA-2019:1178-01, RHSA-2019:1180-01, RHSA-2019:1181-01, RHSA-2019:1182-01, RHSA-2019:1183-01, RHSA-2019:1184-01, RHSA-2019:1185-01, RHSA-2019:1186-01, RHSA-2019:1187-01, RHSA-2019:1188-01, RHSA-2019:1189-01, RHSA-2019:1190-01, RHSA-2019:1193-01, RHSA-2019:1194-01, RHSA-2019:1195-01, RHSA-2019:1196-01, RHSA-2019:1197-01, RHSA-2019:1198-01, SB10292, SSA-608355, SSA-616472, SUSE-SU-2019:1235-1, SUSE-SU-2019:1236-1, SUSE-SU-2019:1238-1, SUSE-SU-2019:1239-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1243-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1248-1, SUSE-SU-2019:1268-1, SUSE-SU-2019:1269-1, SUSE-SU-2019:1272-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, SUSE-SU-2019:1296-1, SUSE-SU-2019:1313-1, SUSE-SU-2019:1347-1, 
SUSE-SU-2019:1348-1, SUSE-SU-2019:1349-1, SUSE-SU-2019:1356-1, SUSE-SU-2019:1371-1, SUSE-SU-2019:14048-1, SUSE-SU-2019:14051-1, SUSE-SU-2019:14052-1, SUSE-SU-2019:14063-1, SUSE-SU-2019:14133-1, SUSE-SU-2019:1423-1, SUSE-SU-2019:1438-1, SUSE-SU-2019:1452-1, SUSE-SU-2019:1490-1, SUSE-SU-2019:1547-1, SUSE-SU-2019:1550-1, SUSE-SU-2019:1909-1, SUSE-SU-2019:1910-1, SUSE-SU-2019:1954-1, SUSE-SU-2019:2430-1, Synology-SA-19:24, USN-3977-1, USN-3977-2, USN-3977-3, USN-3978-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, USN-3982-1, USN-3982-2, USN-3983-1, USN-3983-2, USN-3984-1, USN-3985-1, USN-3985-2, VIGILANCE-VUL-29300, VMSA-2019-0008, XSA-297, ZombieLoad.

cybersecurity weakness CVE-2019-9169

glibc: out-of-bounds memory reading via proceed_next_node

Synthesis of the vulnerability

An attacker can force a read at an invalid address via proceed_next_node() of glibc, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 10/04/2019.
Identifiers: CVE-2019-9169, DSA-2019-148, DSA-2019-149, K54823184, SB10278, SSB-439005, SUSE-SU-2019:1102-1, SUSE-SU-2019:14084-1, SUSE-SU-2019:1877-1, SUSE-SU-2019:1958-1, SUSE-SU-2019:1958-2, VIGILANCE-VUL-28995.

computer threat announce CVE-2018-18605 CVE-2018-18606 CVE-2018-18607

GNU Binutils: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of GNU Binutils.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/03/2019.
Identifiers: CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, NTAP-20190307-0003, openSUSE-SU-2019:2415-1, openSUSE-SU-2019:2432-1, SSB-439005, SUSE-SU-2019:2650-1, VIGILANCE-VUL-28696.

weakness bulletin CVE-2018-3989 CVE-2018-3990 CVE-2018-3991

Siemens SIMATIC WinCC OA: multiple vulnerabilities via WibuKey DRM

Synthesis of the vulnerability

An attacker can use several vulnerabilities via WibuKey DRM of Siemens SIMATIC WinCC OA.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/02/2019.
Identifiers: CERTFR-2019-AVI-078, CVE-2018-3989, CVE-2018-3990, CVE-2018-3991, SSA-844562, VIGILANCE-VUL-28614.