{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"name": "102906", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102906"}, {"tags": ["x_refsource_MISC"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"name": "102739", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102739"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"name": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"name": "102906", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102906"}, {"name": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx", "refsource": "MISC", "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"name": "102739", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102739"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:40.053Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"name": "102906", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102906"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"name": "102739", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102739"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11497", "datePublished": "2017-10-02T21:00:00", "dateReserved": "2017-07-20T00:00:00", "dateUpdated": "2024-08-05T18:12:40.053Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "A0D085F4-A4D5-406F-9C71-60E38674D4A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "613D88BA-F9E7-4F5C-849D-36D5C0934617", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A692A81-F3B0-4894-A04D-948D488AD2CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gemalto:sentinel_ldk_rte:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "22489E71-8667-40F0-BC80-35278EF7DC08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en hasplms en Gemalto ACC (Admin Control Center) en todas sus versiones desde HASP SRM 2.10 hasta Sentinel LDK 7.50 permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante paquetes de lenguaje que contengan nombres de archivo m\u00e1s largos que 1024 caracteres."}], "id": "CVE-2017-11497", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-03T01:29:01.123", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/102739"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/102906"}, {"source": "cve@mitre.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"}, {"source": "cve@mitre.org", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}, {"source": "cve@mitre.org", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102739"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-002-sentinel-ldk-rte-language-packs-containing-malformed-filenames-lead-to-remote-code-execution/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}