How severe is CVE-2018-11458?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-11458?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2018-11458

HIGH Year: 2018

CVSS v3 Score

8.1

High

CVSS v2 Score

9.3

Critical

Weakness Type

CWE-190

View all →

Vulnerability Description

A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code with privileged permissions on the system by sending specially crafted network requests to port 5900/tcp. Please note that this vulnerability is only exploitable if port 5900/tcp is manually opened in the firewall configuration of network port X130. The security vulnerability could be exploited by an attacker with network access to the affected devices and port. Successful exploitation requires no privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the VNC server. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVE-2015-7599

HIGH

CVSS:8.1(High)

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a den...

CWE-1902015

CVE-2015-8982

HIGH

CVSS:8.1(High)

Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary cod...

CWE-1902015

CVE-2015-8983

HIGH

CVSS:8.1(High)

Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application...

CWE-1902015

CVE-2016-7133

HIGH

CVSS:8.1(High)

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly ...

CWE-1902016

CVE-2016-8706

HIGH

CVSS:8.1(High)

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remo...

CWE-1902016

CVE-2017-0104

HIGH

CVSS:8.1(High)

The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflo...

CWE-1902017

CVE-2018-11458

Vulnerability Description

Related Vulnerabilities

CVE-2015-7599

CVE-2015-8982

CVE-2015-8983

CVE-2016-7133

CVE-2016-8706

CVE-2017-0104