VDB
CVE-2017-11497
CVE-2017-11497
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.
EPSS 10.20% · 93.3th percentile
Risk Scores
CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
10.20%
93.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gemalto | sentinel_ldk_rte | 2.10, 7.50, 3.0 |
Exploit Intelligence
- https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 (circl)
- https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/ (circl)
- https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf (circl)
- 102906 (circl)
- https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx (circl)
- 102739 (circl)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01 (circl)
Timeline
- Jul 21, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
References
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-127490.pdf advisory
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-284673.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 url
- https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/ url
- 102906 vdb
- https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx url
- 102739 vdb
- https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01 url
- https://nvd.nist.gov/vuln/detail/CVE-2017-11497 advisory
- https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution url