CVE-2018-11459

Name of the Vulnerable Software and Affected Versions SINUMERIK 808D V4.7 SINUMERIK 808D V4.8 SINUMERIK 828D versions prior to V4.7 SP6 HF1 SINUMERIK 840D sl versions prior to V4.7 SP6 HF5 SINUMERIK 840D sl versions prior to V4.8 SP3

Description The issue is related to insufficient protection of the configuration file in the Siemens Sinumeric programmable logic controller software. Exploitation of this issue could allow an attacker to execute arbitrary code with elevated privileges after a reboot or manual initiation. This could be achieved by a local attacker modifying a user-writeable configuration file. The attacker would need local access to the system and user privileges, but no user interaction is required. The issue could compromise the confidentiality, integrity, and availability of the system. At the time of the advisory publication, there were no known public exploitations of this issue.

Recommendations For SINUMERIK 808D V4.7, update to a version that includes the necessary security patches. For SINUMERIK 808D V4.8, update to a version that includes the necessary security patches. For SINUMERIK 828D, update to V4.7 SP6 HF1 or later. For SINUMERIK 840D sl versions prior to V4.7 SP6 HF5, update to V4.7 SP6 HF5 or later. For SINUMERIK 840D sl versions prior to V4.8 SP3, update to V4.8 SP3 or later.