PT-2018-2202 · Siemens · Sinumerik 828D+2

Published: 2018-12-11 · Updated: 2019-10-09 · CVE-2018-11466

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SINUMERIK 808D V4.7
SINUMERIK 808D V4.8
SINUMERIK 828D versions prior to V4.7 SP6 HF1
SINUMERIK 840D sl versions prior to V4.7 SP6 HF5
SINUMERIK 840D sl versions prior to V4.8 SP3

Description

A vulnerability has been identified that could allow a remote attacker to cause a Denial-of-Service condition or execute code in the context of the software firewall by sending specially crafted network packets to port 102/tcp (ISO-TSAP). The vulnerability could be exploited by an attacker with network access to the affected systems, requiring no user privileges or interaction. This could compromise the confidentiality, integrity, and availability of the system. The issue is related to an error in exception handling. At the time of advisory publication, no public exploitation of this security issue was known.

Recommendations

For SINUMERIK 808D V4.7, update to a version that includes the necessary security patches.
For SINUMERIK 808D V4.8, update to a version that includes the necessary security patches.
For SINUMERIK 828D, update to V4.7 SP6 HF1 or later.
For SINUMERIK 840D sl versions prior to V4.7 SP6 HF5, update to V4.7 SP6 HF5 or later.
For SINUMERIK 840D sl versions prior to V4.8 SP3, update to V4.8 SP3 or later.

As a temporary workaround, consider restricting access to port 102/tcp (ISO-TSAP) to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

BDU:2019-00180
CVE-2018-11466

Affected Products

Sinumerik 808D
Sinumerik 828D
Sinumerik 840D sl