PT-2018-2198 · Siemens · Sinumerik 828D+2

Published: 2018-12-11 · Updated: 2019-10-09 · CVE-2018-11462

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SINUMERIK 808D V4.7
SINUMERIK 808D V4.8
SINUMERIK 828D versions 4.7 through 4.7 SP6 HF0
SINUMERIK 840D sl versions 4.7 through 4.7 SP6 HF4
SINUMERIK 840D sl versions 4.8 through 4.8 SP2
Description

The issue is related to permission management errors in the Siemens Sinumerik programmable logic controller software. Exploitation of this issue may allow a remote attacker, by sending a specially crafted authentication request to an affected system, to escalate privileges to an elevated user account (though not to root level). This could compromise the confidentiality, integrity, and availability of the system. The attacker requires network access to the affected systems; no user interaction is needed. At the time of the advisory's publication, no public exploitation of this issue was known.
Recommendations

For SINUMERIK 808D V4.7, update to a version with the necessary security patches.
For SINUMERIK 808D V4.8, update to a version with the necessary security patches.
For SINUMERIK 828D versions 4.7 through 4.7 SP6 HF0, update to version 4.7 SP6 HF1 or later.
For SINUMERIK 840D sl versions 4.7 through 4.7 SP6 HF4, update to version 4.7 SP6 HF5 or later.
For SINUMERIK 840D sl versions 4.8 through 4.8 SP2, update to version 4.8 SP3 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2019-00176
CVE-2018-11462

Affected Products

Sinumerik 808D
Sinumerik 828D
Sinumerik 840D Sl