cvelistv5 - cve-2017-12821

CVE-2017-12821 (GCVE-0-2017-12821)

Vulnerability from cvelistv5

Published

2017-10-03 13:00

Modified

2024-09-17 04:10

Severity ?

CWE

Memory corruption might cause remote code execution

Summary

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/102906	vdb-entry, x_refsource_BID
	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Gemalto	Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE	Version: 7.55

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:51:06.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
          },
          {
            "name": "102906",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102906"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
          "vendor": "Gemalto",
          "versions": [
            {
              "status": "affected",
              "version": "7.55"
            }
          ]
        }
      ],
      "datePublic": "2017-10-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption might cause remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-10T09:57:01.000Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
        },
        {
          "name": "102906",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102906"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerability@kaspersky.com",
          "DATE_PUBLIC": "2017-10-02T00:00:00",
          "ID": "CVE-2017-12821",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.55"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Gemalto"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory corruption in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory corruption might cause remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
            },
            {
              "name": "102906",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102906"
            },
            {
              "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/",
              "refsource": "MISC",
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-007-sentinel-ldk-rte-memory-corruption-might-cause-remote-code-execution/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2017-12821",
    "datePublished": "2017-10-03T13:00:00.000Z",
    "dateReserved": "2017-08-11T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:10:00.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-157

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SCADA Siemens Building Technologies. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SiteIQ Analytics V1.1, V1.2, and V1.3
Siemens	N/A	Desigo XWP V5.00.204, V5.00.260, V5.10.142, V5.10.212, V6.00.184, V6.00.342 et V6.10.172
Siemens	N/A	Annual Shading V1.0.4 et V1.1
Siemens	N/A	License Management System (LMS) toutes versions antérieures à V2.1 SP3 (2.1.670)
Siemens	N/A	Siveillance Identity V1.1
Siemens	N/A	Desigo ABT MP1.1 Build 845, MP1.15 Build 360, MP1.16 Build 055, MP1.2 Build 850, MP1.2.1 Build 318 et MP2.1 Build 965
Siemens	N/A	Desigo CC MP1.1, MP2.0, MP2.1 et MP3.0
Siemens	N/A	Desigo Configuration Manager (DCM) V6.10.140

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-727467 du 28 mars 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SiteIQ Analytics V1.1, V1.2, and V1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo XWP V5.00.204, V5.00.260, V5.10.142, V5.10.212, V6.00.184, V6.00.342 et V6.10.172",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Annual Shading V1.0.4 et V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "License Management System (LMS) toutes versions ant\u00e9rieures \u00e0 V2.1 SP3 (2.1.670)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Identity V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo ABT MP1.1 Build 845, MP1.15 Build 360, MP1.16 Build 055, MP1.2 Build 850, MP1.2.1 Build 318 et MP2.1 Build 965",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC MP1.1, MP2.0, MP2.1 et MP3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo Configuration Manager (DCM) V6.10.140",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11496"
    },
    {
      "name": "CVE-2017-12822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12822"
    },
    {
      "name": "CVE-2017-12818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12818"
    },
    {
      "name": "CVE-2017-11498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11498"
    },
    {
      "name": "CVE-2017-12820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12820"
    },
    {
      "name": "CVE-2017-12819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12819"
    },
    {
      "name": "CVE-2017-12821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12821"
    },
    {
      "name": "CVE-2017-11497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11497"
    }
  ],
  "initial_release_date": "2018-03-29T00:00:00",
  "last_revision_date": "2018-03-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-157",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SCADA\nSiemens Building Technologies. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SCADA Siemens Building Technologies",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-727467 du 28 mars 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-12821 (GCVE-0-2017-12821)

Vulnerability from cvelistv5

CERTFR-2018-AVI-157

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature