CVE-2018-3991
published 2019-02-05CVE-2018-3991: An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially…
PriorityP269critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
34.33%
98.2th percentile
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | simatic_wincc_open_architecture | — | — |
| siemens | simatic_wincc_open_architecture | — | — |
| siemens | simatic_wincc_open_architecture | — | — |
| wibu | wibukey | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
47750
snort↗
47751
- →Monitor for specially crafted TCP packets targeting port 22347 on Windows hosts running WibuKey Network server management service (WkSvW32.exe); anomalous or malformed packets to this port indicate exploitation attempts of the heap overflow in WkbProgramLow. ↗
- →Use Snort rules 47750 and 47751 to detect exploitation attempts against CVE-2018-3991 in network traffic. ↗
- ·The vulnerable WibuKey Network server management service listens on port 22347/TCP by default; blocking this port at the firewall is a recommended mitigation to prevent remote exploitation. ↗
- ·Snort rules for this CVE are subject to change; always reference the latest rule definitions from Firepower Management Center or Snort.org rather than relying on static rule numbers alone. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
cisa_ics·2019-05-14
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
Last RevisedMay 14, 2019
Alert CodeICSA-19-043-03
## 1. EXECUTIVE SUMMARY
-
CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available
- Vendor: WIBU-SYSTEMS AG
- Equipment: WibuKey Digital Rights Management (DRM)
- Vulnerabilities: Information Exposure, Out-of-bounds Write, Heap-based Buffer Overflow
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-19-043-03 Siemens Licensing Software for SICAM 230 (Update C) that was publis
GHSA
GHSA-wqfw-3h2h-7vwc: An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6
ghsa_unreviewed·2022-05-13
CVE-2018-3991 [CRITICAL] CWE-787 GHSA-wqfw-3h2h-7vwc: An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
blogs_talos·2019-01-28·CVSS 4.3
[MEDIUM] Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities.
## Executive SummaryCisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software license via USB key. A third vulnerability is located in userland and can be triggered remotely, as it's located in the network manager.
In accordance with our coordinated disclosure policy, Talos worked with WIBU SYSTEMS to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerabilities Details
### WIBU-SYSTEMS network server management remote code execution vulnerability (TALOS-2018-0
Talos
Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
blogs_talos·2019-01-28·CVSS 9.3
[CRITICAL] Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
## Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
Marcin "Icewall" Noga of Cisco Talos discovered these vulnerabilities.
## Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software license via USB key. A third vulnerability is located in userland and can be triggered remotely, as it's located in the network manager.
In accordance with our coordinated disclosure policy, Talos worked with WIBU SYSTEMS to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerabilities Details
## WIBU-SYSTEMS
Wiz
CVE-2021-47810 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2021-47810 [CRITICAL] CVE-2021-47810 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2021-47810 :
Wibu-Systems WibuKey vulnerability analysis and mitigation
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
Source : NVD
## 8.5
Score
Published January 16, 2026
Severity HIGH
CNA Score 8.5
Affected Technologies
Wibu-Systems WibuKey
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:wibu:wibukey
Sources
Windows Severity HI
http://www.securityfocus.com/bid/107005https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdfhttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0659http://www.securityfocus.com/bid/107005https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdfhttps://talosintelligence.com/vulnerability_reports/TALOS-2018-0659
2019-02-05
Published