Details of VAR-201710-0971

ID

VAR-201710-0971

CVE

CVE-2017-11498

TITLE

SIEMENS SIMATIC WinCC Add-On Gemalto Sentinel LDK RTE Component Denial of Service Vulnerability

Trust: 0.8

sources: IVD: e2e2401e-39ab-11e9-b098-000c29342cb1 // CNVD: CNVD-2018-01327

DESCRIPTION

Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files. Sentinel LDK Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SIMATIC WinCC is an automated data acquisition and monitoring control (SCADA) system. Gemalto Sentinel LDK RTE is a software protection and licensing solution. A denial of service vulnerability exists in the SIEMENS SIMATIC WinCC Add-On Gemalto Sentinel LDK RTE component. Gemalto Sentinel License Manager is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities. 2. Multiple heap-based buffer-overflow vulnerabilities. 3. A security bypass vulnerability. 4. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. The following Sentinel License Manger services are affected: Gemalto HASP SRM Gemalto Sentinel HASP Gemalto Sentinel LDK products prior to Sentinel LDK RTE 7.55

Trust: 2.97

sources: NVD: CVE-2017-11498 // JVNDB: JVNDB-2017-008952 // CNVD: CNVD-2018-01327 // BID: 102739 // BID: 102906 // IVD: e2e2401e-39ab-11e9-b098-000c29342cb1 // VULMON: CVE-2017-11498

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e2401e-39ab-11e9-b098-000c29342cb1 // CNVD: CNVD-2018-01327

AFFECTED PRODUCTS

vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	7.1	Trust: 1.6
vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	2.10	Trust: 1.6
vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	7.50	Trust: 1.6
vendor:	gemalto	model:	sentinel ldk rte	scope:	eq	version:	3.0	Trust: 1.6
vendor:	gemalto n v	model:	sentinel ldk	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc add-on historian connect alarm	scope:	lte	version:	<=v5.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pi connect alarm	scope:	lte	version:	<=v2.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pi connect audit trail	scope:	lte	version:	<=v1.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-agent	scope:	lte	version:	<=v5.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-analyze	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-control	scope:	lte	version:	<=v10.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-maint	scope:	lte	version:	<=v9.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open export	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open host-s	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open import	scope:	lte	version:	<=v6.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open pi	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open pv02	scope:	lte	version:	<=v1.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-open tcp/ip	scope:	lte	version:	<=v8.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on pm-quality	scope:	lte	version:	<=v9.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on sicement it mis	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on sipaper it mis	scope:	lte	version:	<=v7.x	Trust: 0.6
vendor:	siemens	model:	simatic wincc add-on sipaper it mis	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on sicement it mis and	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-quality	scope:	eq	version:	9.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open tcp/ip	scope:	eq	version:	8.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open pv02	scope:	eq	version:	1.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open pi	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open import	scope:	eq	version:	6.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open host-s	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-open export	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-maint	scope:	eq	version:	9.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-control	scope:	eq	version:	10.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-analyze	scope:	eq	version:	7.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pm-agent	scope:	eq	version:	5.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pi connect audit trail	scope:	eq	version:	1.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on pi connect alarm	scope:	eq	version:	2.0	Trust: 0.3
vendor:	siemens	model:	simatic wincc add-on historian connect alarm	scope:	eq	version:	5.0	Trust: 0.3
vendor:	gemalto	model:	sentinel ldk	scope:	eq	version:	7.54	Trust: 0.3
vendor:	gemalto	model:	sentinel hasp	scope:	eq	version:	0	Trust: 0.3
vendor:	gemalto	model:	hasp srm	scope:	eq	version:	0	Trust: 0.3
vendor:	gemalto	model:	sentinel ldk	scope:	ne	version:	7.55	Trust: 0.3
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	2.10	Trust: 0.2
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	3.0	Trust: 0.2
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	7.1	Trust: 0.2
vendor:	sentinel ldk rte	model:	-	scope:	eq	version:	7.50	Trust: 0.2

sources: IVD: e2e2401e-39ab-11e9-b098-000c29342cb1 // CNVD: CNVD-2018-01327 // BID: 102739 // BID: 102906 // JVNDB: JVNDB-2017-008952 // CNNVD: CNNVD-201707-924 // NVD: CVE-2017-11498

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11498
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-11498
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-01327
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201707-924
value:	MEDIUM
Trust: 0.6
IVD:	e2e2401e-39ab-11e9-b098-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2017-11498
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-11498
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-01327
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e2401e-39ab-11e9-b098-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-11498
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2e2401e-39ab-11e9-b098-000c29342cb1 // CNVD: CNVD-2018-01327 // VULMON: CVE-2017-11498 // JVNDB: JVNDB-2017-008952 // CNNVD: CNNVD-201707-924 // NVD: CVE-2017-11498

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2017-008952 // NVD: CVE-2017-11498

THREAT TYPE

network

Trust: 0.6

sources: BID: 102739 // BID: 102906

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: e2e2401e-39ab-11e9-b098-000c29342cb1 // CNNVD: CNNVD-201707-924

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008952

PATCH

title:	Sentinel LDK	url:	https://sentinel.gemalto.com/software-monetization/sentinel-ldk/	Trust: 0.8
title:	SIEMENS SIMATIC WinCC Add-On Gemalto Sentinel LDK RTE component denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/113849	Trust: 0.6

sources: CNVD: CNVD-2018-01327 // JVNDB: JVNDB-2017-008952

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11498	Trust: 3.9
db:	ICS CERT	id:	ICSA-18-018-01	Trust: 2.2
db:	ICS CERT	id:	ICSA-18-093-01	Trust: 1.9
db:	BID	id:	102906	Trust: 1.4
db:	BID	id:	102739	Trust: 1.4
db:	ICS CERT	id:	ICSA-18-032-03	Trust: 1.2
db:	SIEMENS	id:	SSA-727467	Trust: 1.1
db:	SIEMENS	id:	SSA-127490	Trust: 0.9
db:	CNVD	id:	CNVD-2018-01327	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-924	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-008952	Trust: 0.8
db:	IVD	id:	E2E2401E-39AB-11E9-B098-000C29342CB1	Trust: 0.2
db:	VULMON	id:	CVE-2017-11498	Trust: 0.1

sources: IVD: e2e2401e-39ab-11e9-b098-000c29342cb1 // CNVD: CNVD-2018-01327 // VULMON: CVE-2017-11498 // BID: 102739 // BID: 102906 // JVNDB: JVNDB-2017-008952 // CNNVD: CNNVD-201707-924 // NVD: CVE-2017-11498

REFERENCES

url:	https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/	Trust: 2.5
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-018-01	Trust: 2.2
url:	https://www.iotvillage.org/slides_dc25/sergey_vlad_defcon_iot_village_public2017.pptx	Trust: 1.7
url:	http://www.securityfocus.com/bid/102739	Trust: 1.2
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-032-03	Trust: 1.2
url:	http://www.securityfocus.com/bid/102906	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-093-01	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf	Trust: 1.1
url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-127490.pdf	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11498	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-18-093-01	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11498	Trust: 0.8
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	https://sentinelcustomer.gemalto.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-01327 // VULMON: CVE-2017-11498 // BID: 102739 // BID: 102906 // JVNDB: JVNDB-2017-008952 // CNNVD: CNNVD-201707-924 // NVD: CVE-2017-11498

CREDITS

Sergey Temnikov and Vladimir Dashchenko from Kaspersky Lab

Trust: 0.3

sources: BID: 102739

SOURCES

db:	IVD	id:	e2e2401e-39ab-11e9-b098-000c29342cb1
db:	CNVD	id:	CNVD-2018-01327
db:	VULMON	id:	CVE-2017-11498
db:	BID	id:	102739
db:	BID	id:	102906
db:	JVNDB	id:	JVNDB-2017-008952
db:	CNNVD	id:	CNNVD-201707-924
db:	NVD	id:	CVE-2017-11498

LAST UPDATE DATE

2025-04-20T23:12:50.518000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01327	date:	2018-01-19T00:00:00
db:	VULMON	id:	CVE-2017-11498	date:	2018-05-11T00:00:00
db:	BID	id:	102739	date:	2018-01-18T00:00:00
db:	BID	id:	102906	date:	2018-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-008952	date:	2019-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201707-924	date:	2017-10-27T00:00:00
db:	NVD	id:	CVE-2017-11498	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	e2e2401e-39ab-11e9-b098-000c29342cb1	date:	2018-01-19T00:00:00
db:	CNVD	id:	CNVD-2018-01327	date:	2018-01-09T00:00:00
db:	VULMON	id:	CVE-2017-11498	date:	2017-10-03T00:00:00
db:	BID	id:	102739	date:	2018-01-18T00:00:00
db:	BID	id:	102906	date:	2018-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-008952	date:	2017-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201707-924	date:	2017-07-21T00:00:00
db:	NVD	id:	CVE-2017-11498	date:	2017-10-03T01:29:01.153