VDE-2019-003

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2019-03-05 10:35 - Updated: 2025-05-14 13:00
Summary
PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3
Notes
Summary: Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18
Impact: **Remote Code Execution Vulnerability:** WIBU-SYSTEMS WibuKey network server management remote code execution vulnerability. The vulnerability affects all operating systems... **Privilege Escalation Vulnerability:** WIBU-SYSTEMS WibuKey.sys pool has a corruption privilege escalation vulnerability. The vulnerability affects Windows systems...
Mitigation: 1. Dongle based licensing: Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html) 2. Hardwarecode-based licensing: Removing the WibuKey application. For further information please refer to: [WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Remediation: WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
CVE-2018-3991

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.

9.8 (Critical)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Vendor Fix WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
Mitigation 1. Dongle based licensing: Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html) 2. Hardwarecode-based licensing: Removing the WibuKey application. For further information please refer to: [WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32001
Unresolved product id: CSAFPID-32002
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
CVE-2018-3990

An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.

7.8 (High)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Vendor Fix WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
Mitigation 1. Dongle based licensing: Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html) 2. Hardwarecode-based licensing: Removing the WibuKey application. For further information please refer to: [WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32001
Unresolved product id: CSAFPID-32002
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
CVE-2018-3989

An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

5.5 (Medium)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Vendor Fix WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 & 3.15.18).
Mitigation 1. Dongle based licensing: Update WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html) 2. Hardwarecode-based licensing: Removing the WibuKey application. For further information please refer to: [WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32001
Unresolved product id: CSAFPID-32002
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
References
Acknowledgments
CERT@VDE certvde.com
WIBU-SYSTEMS AG www.wibu.com/
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "WIBU-SYSTEMS AG",
        "summary": "reporting",
        "urls": [
          "https://www.wibu.com/"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities for MEVIEW3 have been identified in PHOENIX CONTACT MEVIEW3, versions below 3.14.25 and 3.15.18",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "**Remote Code Execution Vulnerability:**\nWIBU-SYSTEMS WibuKey network server management remote code execution vulnerability. The vulnerability affects all operating systems...\n\n**Privilege Escalation Vulnerability:**\nWIBU-SYSTEMS WibuKey.sys pool has a corruption privilege escalation vulnerability. The vulnerability affects Windows systems...",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Phoenix Contact",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact"
      },
      {
        "category": "self",
        "summary": "VDE-2019-003: PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3 - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2019-003"
      },
      {
        "category": "self",
        "summary": "VDE-2019-003: PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3 - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-003.json"
      }
    ],
    "title": "PHOENIX CONTACT: Multiple Vulnerabilities in MEVIEW3",
    "tracking": {
      "aliases": [
        "VDE-2019-003"
      ],
      "current_release_date": "2025-05-14T13:00:14.000Z",
      "generator": {
        "date": "2024-08-01T11:43:13.376Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.9"
        }
      },
      "id": "VDE-2019-003",
      "initial_release_date": "2019-03-05T10:35:00.000Z",
      "revision_history": [
        {
          "date": "2019-03-05T10:35:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2",
          "summary": "Fix: correct certvde domain, added alias, added self-reference"
        },
        {
          "date": "2025-05-14T13:00:14.000Z",
          "number": "3",
          "summary": "Fix: added distribution"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "MEVIEW3",
                "product": {
                  "name": "MEVIEW3",
                  "product_id": "CSAFPID-11001"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.14.25",
                "product": {
                  "name": "Firmware \u003c3.14.25",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.15.18",
                "product": {
                  "name": "Firmware \u003c3.15.18",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version",
                "name": "3.14.25",
                "product": {
                  "name": "Firmware 3.14.25",
                  "product_id": "CSAFPID-22001"
                }
              },
              {
                "category": "product_version",
                "name": "3.15.18",
                "product": {
                  "name": "Firmware 3.15.18",
                  "product_id": "CSAFPID-22002"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "PHOENIX CONTACT"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c3.14.25 installed on MEVIEW3",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c3.15.18 installed on MEVIEW3",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.14.25 installed on MEVIEW3",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 3.15.18 installed on MEVIEW3",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-3991",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002"
          ]
        }
      ],
      "title": "CVE-2018-3991"
    },
    {
      "cve": "CVE-2018-3990",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002"
          ]
        }
      ],
      "title": "CVE-2018-3990"
    },
    {
      "cve": "CVE-2018-3989",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "WibuKey Runtime Version 6.50 will be integrated in the next version MEVIEW3 (3.14.25 \u0026 3.15.18).",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "1. Dongle based licensing:\nUpdate WibuKey Runtime to version 6.50. See: [WIBU-SYSTEMS Download Page](https://www.wibu.com/support/user/downloads-user-software.html)\n\n2. Hardwarecode-based licensing:\nRemoving the WibuKey application.\n\nFor further information please refer to:\n[WIBU-SYSTEMS Support Documentation](https://www.wibu.com/de/support/anwendersoftware/anwendersoftware/file/download/5638.html)",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002"
          ]
        }
      ],
      "title": "CVE-2018-3989"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.