CVE-2018-9115

MEDIUM

Systematic SitaWare 6.4 SP2 - Denial of Service via NVG Interface Input

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9115. PoCs published by 2u53.

AI-analyzed exploit summary This exploit is a proof-of-concept for a denial-of-service (DoS) vulnerability in SitAware NVG interface. It sets up a malicious SOAP server that sends malformed NVG data to freeze the Situational Layer of SitAware.

Description

Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.

Exploits (1)

exploitdb WORKING POC
by 2u53 · pythondosxml
https://www.exploit-db.com/exploits/44375

This exploit is a proof-of-concept for a denial-of-service (DoS) vulnerability in SitAware NVG interface. It sets up a malicious SOAP server that sends malformed NVG data to freeze the Situational Layer of SitAware.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SitAware 6.4 SP2
No auth needed
Prerequisites: BottlePy library · Network access to the target SitAware instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/146982
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44375/

Scores

CVSS v3 5.3
EPSS 0.0602
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-20
Status published
Products (1)
systematicinc/sitaware 6.4 sp2
Published Apr 04, 2018
Tracked Since Feb 18, 2026