CVE-2019-8269
moderate-risk
Published 2019-03-08
UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.
Do I need to act?
-
0.73% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Sinumerik Access Mymachine\/P2P
Sinumerik Pcu Base Win10 Software\/Ipc
Sinumerik Pcu Base Win7 Software\/Ipc
References (6)
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19...
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-06
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19...
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-06
38
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
10/34 · Low