Details of VAR-201710-0970

ID

VAR-201710-0970

CVE

CVE-2017-11497

TITLE

SIEMENS SIMATIC WinCC Add-On Gemalto Sentinel LDK RTE Component Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: e2e26730-39ab-11e9-8251-000c29342cb1 // CNVD: CNVD-2018-01326

DESCRIPTION

Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters. Sentinel LDK Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SIMATIC WinCC is an automated data acquisition and monitoring control (SCADA) system. Gemalto Sentinel LDK RTE is a software protection and licensing solution. Gemalto Sentinel License Manager is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities. 2. Multiple heap-based buffer-overflow vulnerabilities. 3. A security bypass vulnerability. 4. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. The following Sentinel License Manger services are affected: Gemalto HASP SRM Gemalto Sentinel HASP Gemalto Sentinel LDK products prior to Sentinel LDK RTE 7.55

Trust: 2.97

sources: NVD: CVE-2017-11497 // JVNDB: JVNDB-2017-008951 // CNVD: CNVD-2018-01326 // BID: 102739 // BID: 102906 // IVD: e2e26730-39ab-11e9-8251-000c29342cb1 // VULMON: CVE-2017-11497

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e26730-39ab-11e9-8251-000c29342cb1 // CNVD: CNVD-2018-01326

AFFECTED PRODUCTS

vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	7.1	Trust: 1.6
vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	2.10	Trust: 1.6
vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	7.50	Trust: 1.6
vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	3.0	Trust: 1.6
vendor:	gemalto n v	model:	sentinel ldk	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc add-on historian connect alarm	scope:	lte	version:	<=v5.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pi connect alarm	scope:	lte	version:	<=v2.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pi connect audit trail	scope:	lte	version:	<=v1.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-agent	scope:	lte	version:	<=v5.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-analyze	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-control	scope:	lte	version:	<=v10.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-maint	scope:	lte	version:	<=v9.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open export	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open host-s	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open import	scope:	lte	version:	<=v6.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open pi	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open pv02	scope:	lte	version:	<=v1.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open tcp/ip	scope:	lte	version:	<=v8.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-quality	scope:	lte	version:	<=v9.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on sicement it mis	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on sipaper it mis	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on sipaper it mis	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on sicement it mis and	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-quality	scope:	eq	version:	9.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open tcp/ip	scope:	eq	version:	8.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open pv02	scope:	eq	version:	1.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open pi	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open import	scope:	eq	version:	6.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open host-s	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open export	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-maint	scope:	eq	version:	9.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-control	scope:	eq	version:	10.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-analyze	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-agent	scope:	eq	version:	5.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pi connect audit trail	scope:	eq	version:	1.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pi connect alarm	scope:	eq	version:	2.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on historian connect alarm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	gemalto	model:	sentinel ldk	scope:	eq	version:	7.54	Trust: 0.3
vendor:	gemalto	model:	sentinel hasp	scope:	eq	version:	0	Trust: 0.3
vendor:	gemalto	model:	hasp srm	scope:	eq	version:	0	Trust: 0.3
vendor:	gemalto	model:	sentinel ldk	scope:	ne	version:	7.55	Trust: 0.3
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	2.10	Trust: 0.2
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	3.0	Trust: 0.2
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	7.1	Trust: 0.2
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	7.50	Trust: 0.2

sources: IVD: e2e26730-39ab-11e9-8251-000c29342cb1 // CNVD: CNVD-2018-01326 // BID: 102739 // BID: 102906 // JVNDB: JVNDB-2017-008951 // CNNVD: CNNVD-201707-925 // NVD: CVE-2017-11497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11497
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-11497
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-01326
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201707-925
value:	HIGH
Trust: 0.6
IVD:	e2e26730-39ab-11e9-8251-000c29342cb1
value:	HIGH
Trust: 0.2
VULMON:	CVE-2017-11497
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-11497
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-01326
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e26730-39ab-11e9-8251-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-11497
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e26730-39ab-11e9-8251-000c29342cb1 // CNVD: CNVD-2018-01326 // VULMON: CVE-2017-11497 // JVNDB: JVNDB-2017-008951 // CNNVD: CNNVD-201707-925 // NVD: CVE-2017-11497

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-008951 // NVD: CVE-2017-11497

THREAT TYPE

network

Trust: 0.6

sources: BID: 102739 // BID: 102906

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: e2e26730-39ab-11e9-8251-000c29342cb1 // CNNVD: CNNVD-201707-925

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008951

PATCH

title:	Sentinel LDK	url:	https://sentinel.gemalto.com/software-monetization/sentinel-ldk/	Trust: 0.8
title:	SIEMENS SIMATIC WinCC Add-On Gemalto Sentinel LDK RTE component buffer overflow vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/113847	Trust: 0.6

sources: CNVD: CNVD-2018-01326 // JVNDB: JVNDB-2017-008951

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11497	Trust: 3.9
db:	ICS CERT	id:	ICSA-18-018-01	Trust: 2.2
db:	ICS CERT	id:	ICSA-18-093-01	Trust: 1.9
db:	BID	id:	102906	Trust: 1.4
db:	BID	id:	102739	Trust: 1.4
db:	ICS CERT	id:	ICSA-18-032-03	Trust: 1.2
db:	SIEMENS	id:	SSA-727467	Trust: 1.1
db:	SIEMENS	id:	SSA-127490	Trust: 0.9
db:	CNVD	id:	CNVD-2018-01326	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-925	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-008951	Trust: 0.8
db:	IVD	id:	E2E26730-39AB-11E9-8251-000C29342CB1	Trust: 0.2
db:	VULMON	id:	CVE-2017-11497	Trust: 0.1

sources: IVD: e2e26730-39ab-11e9-8251-000c29342cb1 // CNVD: CNVD-2018-01326 // VULMON: CVE-2017-11497 // BID: 102739 // BID: 102906 // JVNDB: JVNDB-2017-008951 // CNNVD: CNNVD-201707-925 // NVD: CVE-2017-11497

REFERENCES

url:	https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/	Trust: 2.5
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-018-01	Trust: 2.2
url:	https://www.iotvillage.org/slides_dc25/sergey_vlad_defcon_iot_village_public2017.pptx	Trust: 1.7
url:	http://www.securityfocus.com/bid/102739	Trust: 1.2
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-032-03	Trust: 1.2
url:	http://www.securityfocus.com/bid/102906	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-093-01	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf	Trust: 1.1
url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-127490.pdf	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11497	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-18-093-01	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11497	Trust: 0.8
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	https://sentinelcustomer.gemalto.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-01326 // VULMON: CVE-2017-11497 // BID: 102739 // BID: 102906 // JVNDB: JVNDB-2017-008951 // CNNVD: CNNVD-201707-925 // NVD: CVE-2017-11497

CREDITS

Sergey Temnikov and Vladimir Dashchenko from Kaspersky Lab

Trust: 0.3

sources: BID: 102739

SOURCES

db:	IVD	id:	e2e26730-39ab-11e9-8251-000c29342cb1
db:	CNVD	id:	CNVD-2018-01326
db:	VULMON	id:	CVE-2017-11497
db:	BID	id:	102739
db:	BID	id:	102906
db:	JVNDB	id:	JVNDB-2017-008951
db:	CNNVD	id:	CNNVD-201707-925
db:	NVD	id:	CVE-2017-11497

LAST UPDATE DATE

2025-04-20T23:12:50.712000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01326	date:	2018-01-19T00:00:00
db:	VULMON	id:	CVE-2017-11497	date:	2018-05-11T00:00:00
db:	BID	id:	102739	date:	2018-01-18T00:00:00
db:	BID	id:	102906	date:	2018-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-008951	date:	2019-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201707-925	date:	2017-10-27T00:00:00
db:	NVD	id:	CVE-2017-11497	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	e2e26730-39ab-11e9-8251-000c29342cb1	date:	2018-01-19T00:00:00
db:	CNVD	id:	CNVD-2018-01326	date:	2018-01-19T00:00:00
db:	VULMON	id:	CVE-2017-11497	date:	2017-10-03T00:00:00
db:	BID	id:	102739	date:	2018-01-18T00:00:00
db:	BID	id:	102906	date:	2018-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-008951	date:	2017-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201707-925	date:	2017-07-21T00:00:00
db:	NVD	id:	CVE-2017-11497	date:	2017-10-03T01:29:01.123