The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Siemens SIMATIC

computer vulnerability alert CVE-2018-18605 CVE-2018-18606 CVE-2018-18607

GNU Binutils: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in GNU Binutils.
Impacted products: Data ONTAP, SIMATIC.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/03/2019.
Identifiers: CVE-2018-18605, CVE-2018-18606, CVE-2018-18607, NTAP-20190307-0003, SSB-439005, VIGILANCE-VUL-28696.

vulnerability note CVE-2018-3989 CVE-2018-3990 CVE-2018-3991

Siemens SIMATIC WinCC OA: multiple vulnerabilities via WibuKey DRM

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Siemens SIMATIC WinCC OA via WibuKey DRM.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/02/2019.
Identifiers: CERTFR-2019-AVI-078, CVE-2018-3989, CVE-2018-3990, CVE-2018-3991, SSA-844562, VIGILANCE-VUL-28614.

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via a 0-byte record padding oracle in OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Debian, AIX, IBM i, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Solaris, Percona Server, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, cpuapr2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.

vulnerability bulletin CVE-2018-20784

Linux kernel: infinite loop via update_blocked_averages

Synthesis of the vulnerability

An attacker can trigger an infinite loop via update_blocked_averages() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, SIMATIC.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/02/2019.
Identifiers: CVE-2018-20784, SSB-439005, VIGILANCE-VUL-28593.

computer vulnerability bulletin CVE-2019-7664 CVE-2019-7665

Elfutils: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Elfutils.
Impacted products: Debian, Fedora, SIMATIC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/02/2019.
Identifiers: CVE-2019-7664, CVE-2019-7665, DLA-1689-1, FEDORA-2019-44a9d99647, SSB-439005, VIGILANCE-VUL-28528.

computer vulnerability announce CVE-2019-7146 CVE-2019-7148 CVE-2019-7149

Elfutils: four vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Elfutils.
Impacted products: Debian, Fedora, SIMATIC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/02/2019.
Identifiers: CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150, DLA-1689-1, FEDORA-2019-44a9d99647, SSB-439005, VIGILANCE-VUL-28527.

computer vulnerability announce CVE-2018-16561

SIMATIC S7-300: denial of service via S7 Packets

Synthesis of the vulnerability

An attacker can trigger a fatal error in SIMATIC S7-300 via S7 packets, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 09/01/2019.
Identifiers: CERTFR-2019-AVI-004, CVE-2018-16561, SSA-306710, VIGILANCE-VUL-28197.

computer vulnerability alert CVE-2018-19932

libbfd: infinite loop via IS_CONTAINED_BY_LMA

Synthesis of the vulnerability

An attacker can trigger an infinite loop via IS_CONTAINED_BY_LMA of libbfd, in order to trigger a denial of service.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/01/2019.
Identifiers: CVE-2018-19932, SSB-439005, VIGILANCE-VUL-28196.

computer vulnerability CVE-2018-19931

libbfd: buffer overflow via bfd_elf32_swap_phdr_in

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via bfd_elf32_swap_phdr_in() of libbfd, in order to trigger a denial of service, and possibly to run code.
Impacted products: SIMATIC.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/01/2019.
Identifiers: CVE-2018-19931, SSB-439005, VIGILANCE-VUL-28195.

vulnerability alert CVE-2018-19591

glibc: descriptor leak via getaddrinfo

Synthesis of the vulnerability

An attacker can create a descriptor leak via getaddrinfo() of glibc, in order to trigger a denial of service.
Impacted products: Fedora, SIMATIC.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 30/11/2018.
Identifiers: CVE-2018-19591, FEDORA-2018-060302dc83, FEDORA-2018-f6b7df660d, SSB-439005, VIGILANCE-VUL-27921.
