9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.107 Low
EPSS
Percentile
95.0%
Successful exploitation of these vulnerabilities could allow remote code execution, information disclosure, and denial-of-service attacks under certain conditions.
Siemens reports the vulnerabilities affect the following SINUMERIK products:
The affected products are vulnerable to a buffer underwrite in VNC client code, which may allow an attacker to remotely execute arbitrary code.
CVE-2018-15361 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable to a heap-based buffer overflow, which may result in code execution.
CVE-2019-8258 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products contain multiple memory leaks in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR.
CVE-2019-8259 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
There is an out-of-bounds read vulnerability in VNC client decoder code caused by multiplication overflow.
CVE-2019-8260 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products have an out-of-bounds read vulnerability in VNC code inside the client decoder, caused by multiplication overflow.
CVE-2019-8261 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products have multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution.
CVE-2019-8262 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable to a stack-based buffer overflow, which leads to a denial-of-service condition. User interaction is required to trigger this vulnerability.
CVE-2019-8263 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).
The affected products are vulnerable due to out-of-bounds access, which can potentially result in code execution.
CVE-2019-8264 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable to multiple out-of-bounds access vulnerabilities connected with usage of a macro in the VNC client code, which can potentially result in code execution.
CVE-2019-8265 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products have multiple out-of-bounds access vulnerabilities connected with improper usage of functions in the VNC client code, which can potentially result in code execution.
CVE-2019-8266 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable due to an out-of-bounds read in the VNC client code, which may result in a denial-of-service condition.
CVE-2019-8267 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The affected products have multiple off-by-one vulnerabilities in VNC client code connected with improper usage of functions, which can potentially result code execution.
CVE-2019-8268 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable to a stack-based buffer overflow in the VNC client code, which may allow an attacker to perform a denial of service condition.
CVE-2019-8269 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The affected products have an out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial-of-service condition.
CVE-2019-8270 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The affected products are vulnerable to a heap-based buffer overflow in the VNC server code inside the file transfer handler, which can potentially result in code execution.
CVE-2019-8271 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable to multiple off-by-one errors in the VNC server code, which may allow an attacker to execute arbitrary code.
CVE-2019-8272 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable to a heap-based buffer overflow in the VNC server code inside the file transfer request handler, which can potentially result in code execution.
CVE-2019-8273 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products have a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution.
CVE-2019-8274 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
There is an improper null termination in the VNC server code, which may allow remote access to out-of-bounds data.
CVE-2019-8275 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The affected products are vulnerable to a stack-based buffer overflow in the VNC server code, which can result in denial of service.
CVE-2019-8276 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The affected products contain multiple memory leaks in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR.
CVE-2019-8277 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
The affected products are vulnerable to out-of-bounds access in the VNC client, which can potentially allow code execution.
CVE-2019-8280 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Siemens reported these vulnerabilities to CISA.
Siemens has released updates for the affected products and recommends users update to the latest versions:
Siemens recommends the following to help reduce risk:
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.
For additional information, please refer to Siemens Security Advisory SSA-927095
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01BβTargeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15361
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8258
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8259
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8260
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8261
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8262
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8263
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8264
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8265
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8266
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8267
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8268
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8269
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8270
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8271
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8272
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8273
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8274
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8275
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8276
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8277
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8280
cert-portal.siemens.com/operational-guidelines-industrial-security.pdf
cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
cwe.mitre.org/data/definitions/121.html
cwe.mitre.org/data/definitions/121.html
cwe.mitre.org/data/definitions/121.html
cwe.mitre.org/data/definitions/122.html
cwe.mitre.org/data/definitions/122.html
cwe.mitre.org/data/definitions/122.html
cwe.mitre.org/data/definitions/122.html
cwe.mitre.org/data/definitions/122.html
cwe.mitre.org/data/definitions/124.html
cwe.mitre.org/data/definitions/125.html
cwe.mitre.org/data/definitions/125.html
cwe.mitre.org/data/definitions/125.html
cwe.mitre.org/data/definitions/125.html
cwe.mitre.org/data/definitions/170.html
cwe.mitre.org/data/definitions/193.html
cwe.mitre.org/data/definitions/193.html
cwe.mitre.org/data/definitions/655.html
cwe.mitre.org/data/definitions/665.html
cwe.mitre.org/data/definitions/788.html
cwe.mitre.org/data/definitions/788.html
cwe.mitre.org/data/definitions/788.html
cwe.mitre.org/data/definitions/788.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Siemens%20SINUMERIK+https://www.cisa.gov/news-events/ics-advisories/icsa-20-161-06
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-20-161-06&title=Siemens%20SINUMERIK
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-20-161-06
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-20-161-06
www.us-cert.gov/ics
www.us-cert.gov/ics
www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01
www.us-cert.gov/ics/recommended-practices
www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B
www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Siemens%20SINUMERIK&body=www.cisa.gov/news-events/ics-advisories/icsa-20-161-06
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.107 Low
EPSS
Percentile
95.0%