VDB
CVE-2017-11498
CVE-2017-11498
PUBLISHED
CVSS 5 MEDIUM
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.
EPSS 2.92% · 86.7th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
2.92%
86.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| gemalto | sentinel_ldk_rte | 2.10, 7.1, 7.50 |
Exploit Intelligence
- https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 (circl)
- https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf (circl)
- 102906 (circl)
- https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx (circl)
- https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/ (circl)
- 102739 (circl)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01 (circl)
Timeline
- Jul 21, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-127490.pdf advisory
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-284673.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01 url
- 102906 vdb
- https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx url
- https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/ url
- 102739 vdb
- https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01 url
- https://nvd.nist.gov/vuln/detail/CVE-2017-11498 advisory
- https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service url