CVE-2018-11462
published 2018-12-12


Priority: P264
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.66% (88.2th percentile)
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). By sending a specially crafted authentication request to the affected systems a remote attacker could escalate his privileges to an elevated user account but not to root. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected

3 ranges
Vendor    Product                         Version range   Fixed in
siemens   sinumerik_828d_v4.7_firmware    <= 4.7
siemens   sinumerik_840d_sl_v4.7_firmware <= 4.7
siemens   sinumerik_840d_sl_v4.8_firmware <= 4.8

Detection & IOCs

  • Exploit vector is a specially crafted authentication request sent over the network; monitor for anomalous or malformed authentication attempts targeting SINUMERIK CNC systems on their exposed network interfaces.
  • No credentials or user interaction are required for exploitation; any unauthenticated authentication request resulting in elevated session privileges on SINUMERIK devices should be treated as suspicious.
  • SINUMERIK 808D V4.7 and V4.8 (all versions) have no patched release available per the advisory; these versions remain permanently vulnerable.
  • SINUMERIK 828D V4.7 is vulnerable in all versions prior to V4.7 SP6 HF1; ensure patch level is at or above this threshold.
  • SINUMERIK 840D sl V4.7 is vulnerable in all versions prior to V4.7 SP6 HF5; ensure patch level is at or above this threshold.
  • SINUMERIK 840D sl V4.8 is vulnerable in all versions prior to V4.8 SP3; ensure patch level is at or above this threshold.

CVSS provenance

nvd   v3.0   9.8   CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd   v2.0   7.5   HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P