PT-2018-2197 · Siemens · Sinumerik 808D+2

Published: 2018-12-11 · Updated: 2019-10-09 · CVE-2018-11461

CVSS v3.1: 6.6 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

SINUMERIK 808D V4.7
SINUMERIK 808D V4.8
SINUMERIK 828D versions prior to V4.7 SP6 HF1
SINUMERIK 840D sl versions prior to V4.7 SP6 HF5
SINUMERIK 840D sl versions prior to V4.8 SP3

Description

A local attacker with user privileges could exploit this issue to escalate privileges to an elevated user, but not to the root level, by using the service command application. The vulnerability requires local access to the affected systems and user privileges, but no user interaction. Successful exploitation could compromise the confidentiality, integrity, and availability of the system. At the time of advisory publication, no public exploitation of this security issue was known.

Recommendations

For SINUMERIK 808D V4.7, update to a version later than V4.7.
For SINUMERIK 808D V4.8, update to a version later than V4.8 SP3.
For SINUMERIK 828D, update to V4.7 SP6 HF1 or later.
For SINUMERIK 840D sl V4.7, update to V4.7 SP6 HF5 or later.
For SINUMERIK 840D sl V4.8, update to V4.8 SP3 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2019-00175
CVE-2018-11461

Affected Products

Sinumerik 808D
Sinumerik 828D
Sinumerik 840D sl