Vulnerability Details : CVE-2017-11497
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2017-11497
Probability of exploitation activity in the next 30 days: 15.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-11497
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-11497
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11497
- https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
Siemens Building Technologies Products (Update A) | CISA
-
http://www.securityfocus.com/bid/102739
Multiple Siemens SIMATIC WinCC Add-On Products Multiple Security Vulnerabilities
-
http://www.securityfocus.com/bid/102906
Gemalto Sentinel License Manager Multiple Security Vulnerabilities
-
https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx
Third Party Advisory
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01
Siemens SIMATIC WinCC Add-On (Update A) | CISA
-
https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/
KLCERT-17-002: Sentinel LDK RTE: language packs containing malformed filenames lead to Remote Code Execution | Kaspersky Lab ICS CERTThird Party Advisory
Products affected by CVE-2017-11497
- cpe:2.3:a:gemalto:sentinel_ldk_rte:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gemalto:sentinel_ldk_rte:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gemalto:sentinel_ldk_rte:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:gemalto:sentinel_ldk_rte:7.50:*:*:*:*:*:*:*