OTPulse

Gemalto Sentinel UltraPro

CVSS 6.5 · ICS-CERT ICSA-19-073-02 · Mar 14, 2019
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: Required
Summary

Gemalto Sentinel UltraPro Client Library ux32w.dll versions 1.3.0, 1.3.1, and 1.3.2 contain an insecure file operation vulnerability (CWE-427) that could allow an attacker with local system access and administrator privileges to execute unauthorized code. Exploitation requires user interaction and local file system access. The vulnerability is not remotely exploitable. A patch is available in version 1.3.3.

What this means
What could happen
An attacker with local access and high privileges could execute arbitrary code on a system running the vulnerable Sentinel UltraPro Client Library, potentially compromising the confidentiality and integrity of data or disrupting local operations.
Who's at risk
Organizations using Gemalto Sentinel UltraPro Client Library (ux32w.dll) for hardware security key or licensing management should assess if this library is deployed on engineering workstations, license servers, or industrial automation systems. Impacts are primarily local and affect confidentiality and integrity of systems housing this component.
How it could be exploited
An attacker must have local access to the system, administrator privileges, and user interaction (such as a user performing an action that triggers the vulnerability). The attack exploits an insecure file operation in ux32w.dll to inject and execute unauthorized code locally on the system.
Prerequisites
  • Local file system access to the system running Sentinel UltraPro Client Library
  • Administrator or high-privilege account on the target system
  • User interaction required to trigger the vulnerability
  • Sentinel UltraPro Client Library versions 1.3.0, 1.3.1, or 1.3.2 installed
Key facts
  • Local exploitation only (not remotely exploitable)
  • Requires high-privilege account and user interaction
  • No public exploits known
  • Low EPSS score (0.7%)
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product: Sentinel UltraPro Client Library ux32w.dll
Affected Versions: 1.3.0 | 1.3.1 | 1.3.2
Fix Status: 1.3.3
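As an added inventory check (not part of the OTPulse advisory), the following PowerShell script locates copies of ux32w.dll on a Windows host and flags any whose file version is below the fixed 1.3.3. The search roots are an assumption; adjust them to wherever the Sentinel client library is installed in your environment.

```powershell
# Added example: find ux32w.dll and compare its file version against the fixed release 1.3.3.
# $SearchRoots is an assumption (common install locations); extend it for non-standard installs.
$SearchRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:ProgramFiles",
    "${env:ProgramFiles(x86)}"
)
$FixedVersion = [version]'1.3.3'   # first fixed version per the advisory

$results = foreach ($root in $SearchRoots) {
    # Skip roots that do not exist on this host (e.g. no 32-bit Program Files on 32-bit Windows).
    if ([string]::IsNullOrEmpty($root) -or -not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Filter 'ux32w.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $raw = $_.VersionInfo.FileVersion
            # FileVersion strings may carry build suffixes; keep only the leading dotted numeric part.
            $parsed = $null
            if ($raw -and ($raw -match '^\s*(\d+(\.\d+){1,3})')) { $parsed = [version]$Matches[1] }
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $raw
                Vulnerable  = if ($parsed) { $parsed -lt $FixedVersion } else { 'unknown' }
            }
        }
}

if ($results) {
    $results | Format-Table -AutoSize
} else {
    Write-Output 'ux32w.dll not found under the searched roots.'
}
```

Rows marked Vulnerable = True correspond to the affected 1.3.x builds and should be scheduled for the upgrade listed under Remediation; 'unknown' means the DLL carried no parseable version resource and needs manual review.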
Remediation & Mitigation

Do now
Hardening: Restrict administrative access and monitor for unauthorized privilege escalation attempts on systems running vulnerable versions

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Upgrade Sentinel UltraPro Client Library from v1.3.0, v1.3.1, or v1.3.2 to v1.3.3 or later

Long-term hardening
Hardening: Implement network segmentation to isolate systems with Sentinel UltraPro from untrusted networks and enforce the principle of least privilege for local account access