cbcvebase.
CVE-2018-3991
published 2019-02-05


Priority: P269 · Severity: critical · Score: 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 34.33% (98.2th percentile)
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

Affected

4 ranges (version ranges and fixed versions were not captured from the source)

Vendor    Product                           Version range   Fixed in
siemens   simatic_wincc_open_architecture   (not listed)    (not listed)
siemens   simatic_wincc_open_architecture   (not listed)    (not listed)
siemens   simatic_wincc_open_architecture   (not listed)    (not listed)
wibu      wibukey                           (not listed)    (not listed)

Detection & IOCs (extracted from sources)

  • Port: 22347/TCP
  • Snort rule: 47750
  • Snort rule: 47751
  • Monitor for specially crafted TCP packets targeting port 22347 on Windows hosts running the WibuKey Network server management service (WkSvW32.exe); anomalous or malformed packets to this port indicate attempts to exploit the heap overflow in WkbProgramLow.
  • Use Snort rules 47750 and 47751 to detect exploitation attempts against CVE-2018-3991 in network traffic.
  • The vulnerable WibuKey Network server management service listens on port 22347/TCP by default; blocking this port at the firewall is a recommended mitigation to prevent remote exploitation.
  • Snort rules for this CVE are subject to change; always reference the latest rule definitions from Firepower Management Center or Snort.org rather than relying on static rule numbers alone.

CVSS provenance

  • NVD, CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)