How severe is CVE-2018-11457?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-11457?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2018-11457

HIGH Year: 2018

CVSS v3 Score

8.1

High

CVSS v2 Score

9.3

Critical

Weakness Type

CWE-122

View all →

Vulnerability Description

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 4842/tcp. Please note that this vulnerability is only exploitable if port 4842/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices on port 4842/tcp. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the web server. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVE-2016-2123

HIGH

CVSS:8.1(High)

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses ...

CWE-1222016

CVE-2016-9586

HIGH

CVSS:8.1(High)

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts ...

CWE-1222016

CVE-2020-25681

HIGH

CVSS:8.1(High)

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge ...

CWE-1222020

CVE-2020-25682

HIGH

CVSS:8.1(High)

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the ne...

CWE-1222020

CVE-2021-21810

HIGH

CVSS:8.1(High)

A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide...

CWE-1222021

CVE-2021-21825

HIGH

CVSS:8.1(High)

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote ...

CWE-1222021

CVE-2018-11457

Vulnerability Description

Related Vulnerabilities

CVE-2016-2123

CVE-2016-9586

CVE-2020-25681

CVE-2020-25682

CVE-2021-21810

CVE-2021-21825