CVE-2018-9115

MEDIUM

Systematicinc Sitaware - Improper Input Validation

Title source: rule

Description

Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.

Exploits (1)

exploitdb WORKING POC

by 2u53 · pythondosxml

https://www.exploit-db.com/exploits/44375

View Code ZIP pw:eip

References (3)

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/141099

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/146982

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44375/

Scores

CVSS v3 5.3

EPSS 0.2036

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-20

Status published

Products (1)

systematicinc/sitaware 6.4 sp2

Published Apr 04, 2018

Tracked Since Feb 18, 2026