"-Synchronized-Data."

CVE Team 2019-09-13 17:00:58 +00:00
parent c77f36c36e
commit 01bcedc296
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
20 changed files with 732 additions and 369 deletions


@ -81,6 +81,11 @@
"refsource": "FULLDISC", "refsource": "FULLDISC",
"name": "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry", "name": "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
"url": "http://seclists.org/fulldisclosure/2019/Aug/20" "url": "http://seclists.org/fulldisclosure/2019/Aug/20"
},
{
"refsource": "MLIST",
"name": "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"url": "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E"
} }
] ]
} }


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7081",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7081",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked."
} }
] ]
} }
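Review bot: The new `version_value` for CVE-2018-7081 packs five ArubaOS branch ranges into one free-text string, and `vendor_name` is `n/a`, so tooling that matches on vendor and on individual version entries cannot consume the affected set. Consider one `version_data` entry per branch, as sketched below, and a real vendor name in place of `n/a`. The last range reads `8.4.0.x and prior to 8.4.0.3` in the record, which looks garbled, and the `6.x` and `6.5.x` ranges overlap as written, so both should be checked against ARUBA-PSA-2019-004 before splitting. The description's `cause a process crash or to execute arbitrary code` also has a stray `to`.

```json
"version_data": [
    {
        "version_value": "6.x prior to 6.4.4.21"
    },
    {
        "version_value": "6.5.x prior to 6.5.4.13"
    },
    {
        "version_value": "8.x prior to 8.2.2.6"
    },
    {
        "version_value": "8.3.0.x prior to 8.3.0.7"
    },
    {
        "version_value": "8.4.0.x prior to 8.4.0.3"
    }
]
```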


@ -8,152 +8,153 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SIMATIC PCS 7 V8.0 and earlier", "product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.1", "product_name": "SIMATIC PCS 7 V8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19" "version_value": "All versions < V8.1 with WinCC V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.2", "product_name": "SIMATIC PCS 7 V8.2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11" "version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V9.0", "product_name": "SIMATIC PCS 7 V9.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11" "version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V13", "product_name": "SIMATIC WinCC (TIA Portal) V13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V14", "product_name": "SIMATIC WinCC (TIA Portal) V14",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V15", "product_name": "SIMATIC WinCC (TIA Portal) V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V13", "product_name": "SIMATIC WinCC Runtime Professional V13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V14", "product_name": "SIMATIC WinCC Runtime Professional V14",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V14.1 Upd 11" "version_value": "All versions < V14.1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V15", "product_name": "SIMATIC WinCC Runtime Professional V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V15.1 Upd 3" "version_value": "All versions < V15.1 Upd 3"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.2 and earlier", "product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.3", "product_name": "SIMATIC WinCC V7.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.3 Upd 19" "version_value": "All versions < V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.4", "product_name": "SIMATIC WinCC V7.4",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.4 SP1 Upd 11" "version_value": "All versions < V7.4 SP1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.5", "product_name": "SIMATIC WinCC V7.5",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.5 Upd 3" "version_value": "All versions < V7.5 Upd 3"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -172,10 +173,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
} }
] ]
}, },
@ -183,8 +185,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server.\n\nThe vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." 
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }
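Review bot: The reference on the new side changes `refsource` from `CONFIRM` to `MISC`, although the URL is the vendor's own advisory on cert-portal.siemens.com and the record's `vendor_name` is Siemens AG. Consumers that rely on `CONFIRM` to find a vendor-acknowledged reference will no longer find one in this record; if the downgrade is a side effect of the sync and not intended, keep `"refsource": "CONFIRM",`. The same change appears in the next three file sections (the two further ssa-697412 records and the ssa-121293 record). The added `name` only repeats the URL, which is harmless but gives a reader no advisory identifier.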


@ -8,152 +8,153 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SIMATIC PCS 7 V8.0 and earlier", "product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.1", "product_name": "SIMATIC PCS 7 V8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19" "version_value": "All versions < V8.1 with WinCC V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.2", "product_name": "SIMATIC PCS 7 V8.2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11" "version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V9.0", "product_name": "SIMATIC PCS 7 V9.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11" "version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V13", "product_name": "SIMATIC WinCC (TIA Portal) V13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V14", "product_name": "SIMATIC WinCC (TIA Portal) V14",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V15", "product_name": "SIMATIC WinCC (TIA Portal) V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V13", "product_name": "SIMATIC WinCC Runtime Professional V13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V14", "product_name": "SIMATIC WinCC Runtime Professional V14",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V14.1 Upd 11" "version_value": "All versions < V14.1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V15", "product_name": "SIMATIC WinCC Runtime Professional V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V15.1 Upd 3" "version_value": "All versions < V15.1 Upd 3"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.2 and earlier", "product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.3", "product_name": "SIMATIC WinCC V7.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.3 Upd 19" "version_value": "All versions < V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.4", "product_name": "SIMATIC WinCC V7.4",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.4 SP1 Upd 11" "version_value": "All versions < V7.4 SP1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.5", "product_name": "SIMATIC WinCC V7.5",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.5 Upd 3" "version_value": "All versions < V7.5 Upd 3"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -172,10 +173,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
} }
] ]
}, },
@ -183,8 +185,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded.\n\nSuccessful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." 
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }


@ -8,152 +8,153 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SIMATIC PCS 7 V8.0 and earlier", "product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.1", "product_name": "SIMATIC PCS 7 V8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19" "version_value": "All versions < V8.1 with WinCC V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.2", "product_name": "SIMATIC PCS 7 V8.2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11" "version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V9.0", "product_name": "SIMATIC PCS 7 V9.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11" "version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V13", "product_name": "SIMATIC WinCC (TIA Portal) V13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V14", "product_name": "SIMATIC WinCC (TIA Portal) V14",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC (TIA Portal) V15", "product_name": "SIMATIC WinCC (TIA Portal) V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V13", "product_name": "SIMATIC WinCC Runtime Professional V13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V14", "product_name": "SIMATIC WinCC Runtime Professional V14",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V14.1 Upd 11" "version_value": "All versions < V14.1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V15", "product_name": "SIMATIC WinCC Runtime Professional V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V15.1 Upd 3" "version_value": "All versions < V15.1 Upd 3"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.2 and earlier", "product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.3", "product_name": "SIMATIC WinCC V7.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.3 Upd 19" "version_value": "All versions < V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.4", "product_name": "SIMATIC WinCC V7.4",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.4 SP1 Upd 11" "version_value": "All versions < V7.4 SP1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.5", "product_name": "SIMATIC WinCC V7.5",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.5 Upd 3" "version_value": "All versions < V7.5 Upd 3"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -172,10 +173,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
} }
] ]
}, },
@ -183,8 +185,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges.\n\nThe vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." 
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 11), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }
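Review bot: The rewritten description value still carries the typo `authenticatd attacker`, so a keyword search for "authenticated" misses this record; it should read `An authenticated attacker with network access to the DCOM interface`. The phrase `confidentiality and integrity and availability` in the same value would read better as `confidentiality, integrity, and availability`, matching the wording in the sibling records. The line is already being rewritten to drop the `\n\n` separators, so both can be fixed in the same change.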


@ -8,152 +8,153 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SIMATIC PCS 7 V8.0 and earlier", "product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.1", "product_name": "SIMATIC PCS 7 V8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19" "version_value": "All versions < V8.1 with WinCC V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V8.2", "product_name": "SIMATIC PCS 7 V8.2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11" "version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC PCS 7 V9.0", "product_name": "SIMATIC PCS 7 V9.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11" "version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Professional (TIA Portal V13)", "product_name": "SIMATIC WinCC Professional (TIA Portal V13)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Professional (TIA Portal V14)", "product_name": "SIMATIC WinCC Professional (TIA Portal V14)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Professional (TIA Portal V15)", "product_name": "SIMATIC WinCC Professional (TIA Portal V15)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V13", "product_name": "SIMATIC WinCC Runtime Professional V13",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V14", "product_name": "SIMATIC WinCC Runtime Professional V14",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V14 SP1 Upd 8" "version_value": "All versions < V14 SP1 Upd 8"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC Runtime Professional V15", "product_name": "SIMATIC WinCC Runtime Professional V15",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V15.1 Upd 3" "version_value": "All versions < V15.1 Upd 3"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.2 and earlier", "product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.3", "product_name": "SIMATIC WinCC V7.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.3 Upd 19" "version_value": "All versions < V7.3 Upd 19"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.4", "product_name": "SIMATIC WinCC V7.4",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.4 SP1 Upd 11" "version_value": "All versions < V7.4 SP1 Upd 11"
} }
] ]
} }
}, },
{ {
"product_name": "SIMATIC WinCC V7.5", "product_name": "SIMATIC WinCC V7.5",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V7.5 Upd 3" "version_value": "All versions < V7.5 Upd 3"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -172,10 +173,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
} }
] ]
}, },
@ -183,8 +185,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions), SIMATIC WinCC Professional (TIA Portal V15) (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code.\n\nThe security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device.\n\nAt the stage of publishing this security advisory no public exploitation is known." 
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions), SIMATIC WinCC Professional (TIA Portal V15) (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known."
} }
] ]
} }
} }


@ -8,22 +8,23 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SIMATIC TDC CP51M1", "product_name": "SIMATIC TDC CP51M1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V1.1.7" "version_value": "All versions < V1.1.7"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -42,10 +43,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf"
} }
] ]
}, },
@ -53,8 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device.\n\nThe security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }
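Review bot: In the `references` hunk of this section the Siemens ProductCERT advisory appears to be reclassified from `CONFIRM` to `MISC`, which drops the only marker in the record that the vendor itself has acknowledged the issue. Consumers that prioritise on vendor-confirmed references will then treat ssa-250618 like any third-party link. Unless the reclassification is intended, keep `"refsource": "CONFIRM",` next to the newly added `name`. The same change appears in the four SINEMA Remote Connect Server sections (ssa-884497) and in the IE/WSN-PA Link section (ssa-191683) further down.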


@ -56,6 +56,16 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Sep/23", "name": "http://seclists.org/fulldisclosure/2019/Sep/23",
"url": "http://seclists.org/fulldisclosure/2019/Sep/23" "url": "http://seclists.org/fulldisclosure/2019/Sep/23"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "Exploit Database",
"url": "https://www.exploit-db.com/exploits/47385"
} }
] ]
} }
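Review bot: The added EXPLOIT-DB entry carries the generic label `"name": "Exploit Database"`, so it cannot be told apart from any other Exploit-DB reference without parsing the URL. The other entries in this hunk use an identifying name; `"name": "47385"` (the id already present in the URL) would be consistent with them. The reference list begins outside the hunk, so entries above these lines were not checked.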


@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Sep/25", "name": "http://seclists.org/fulldisclosure/2019/Sep/25",
"url": "http://seclists.org/fulldisclosure/2019/Sep/25" "url": "http://seclists.org/fulldisclosure/2019/Sep/25"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154484/Piwigo-2.9.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/154484/Piwigo-2.9.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
} }
] ]
} }


@ -66,6 +66,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Sep/25", "name": "http://seclists.org/fulldisclosure/2019/Sep/25",
"url": "http://seclists.org/fulldisclosure/2019/Sep/25" "url": "http://seclists.org/fulldisclosure/2019/Sep/25"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154484/Piwigo-2.9.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/154484/Piwigo-2.9.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
} }
] ]
} }


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13532",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CODESYS V3 web server",
"version": {
"version_data": [
{
"version_value": "all versions prior to 3.5.14.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller."
}
]
}
}
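Review bot: `"vendor_name": "n/a"` leaves the structured `affects` block without a vendor, although the product name and the description both identify a CODESYS product. Tooling that matches inventory on vendor and product will not associate this record with affected controllers. The vendor string should be filled in from the referenced ICS advisory (icsa-19-255-01) rather than left as a placeholder. The new CVE-2019-13548 record in the next section has the same gap.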


@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13548",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CODESYS V3 web server",
"version": {
"version_data": [
{
"version_value": "all versions prior to 3.5.14.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution."
}
]
}
}
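Review bot: The description says the crafted requests "could cause a stack overflow", while `problemtype` classifies the issue as `STACK-BASED BUFFER OVERFLOW CWE-121`. These are different conditions: stack exhaustion versus memory corruption on the stack. Only the second explains the stated remote code execution impact. Wording the description as `... which could cause a stack-based buffer overflow and create a denial-of-service condition or allow remote code execution.` would keep the two fields consistent.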


@ -8,22 +8,23 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SINEMA Remote Connect Server", "product_name": "SINEMA Remote Connect Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V2.0 SP1" "version_value": "All versions < V2.0 SP1"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -42,10 +43,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf"
} }
] ]
}, },
@ -53,8 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks.\n\nThe vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }


@ -8,22 +8,23 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SINEMA Remote Connect Server", "product_name": "SINEMA Remote Connect Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V2.0 SP1" "version_value": "All versions < V2.0 SP1"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -42,10 +43,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf"
} }
] ]
}, },
@ -53,8 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user.\n\nThe security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }


@ -8,22 +8,23 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SINEMA Remote Connect Server", "product_name": "SINEMA Remote Connect Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V2.0 SP1" "version_value": "All versions < V2.0 SP1"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -42,10 +43,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf"
} }
] ]
}, },
@ -53,8 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks.\n\nThe security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }


@ -8,22 +8,23 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "SINEMA Remote Connect Server", "product_name": "SINEMA Remote Connect Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions < V2.0 SP1" "version_value": "All versions < V2.0 SP1"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -42,10 +43,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf"
} }
] ]
}, },
@ -53,8 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password.\n\nThe security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }


@ -8,22 +8,23 @@
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
"affects": { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"vendor_name": "Siemens AG", "vendor_name": "Siemens AG",
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name": "IE/WSN-PA Link WirelessHART Gateway", "product_name": "IE/WSN-PA Link WirelessHART Gateway",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -42,10 +43,11 @@
] ]
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf"
} }
] ]
}, },
@ -53,8 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known." "value": "A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known."
} }
] ]
} }
} }


@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://community.opmantek.com/display/OA/Errata+-+3.1.2+Security+issue%2C+September+2019",
"refsource": "MISC",
"name": "https://community.opmantek.com/display/OA/Errata+-+3.1.2+Security+issue%2C+September+2019"
}
]
}
}
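Review bot: Every structured field in this new record is a placeholder (`product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`), although the description names the product, the fixed version and the weakness. Scanners and feeds that key on `affects` or `problemtype` get nothing to match and would have to parse the free text. Suggested values taken from the description: `"product_name": "Open-AudIT"`, `"version_value": "before 3.2.0"`, and a `problemtype` value such as `"OS Command Injection (CWE-78)"`. The reference title mentions 3.1.2 while the description says "before 3.2.0", so the version boundary is worth confirming against the vendor errata.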


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5314",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5314",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "Aruba Mobility Controller firmware (ArubaOS) 6.x prior to 6.4.4.21 6.5.x prior to 6.5.4.13 8.x prior to 8.2.2.6 8.3.0.x prior to 8.3.0.7, 8.4.0.x and prior to 8.4.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Response Splitting (CRLF injection) and Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability."
} }
] ]
} }
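Review bot: The single `version_value` string packs five release trains into one run-on value with inconsistent separators ("6.4.4.21 6.5.x", "8.2.2.6 8.3.0.x") and ends with "8.4.0.x and prior to 8.4.0.3", which can be read two ways. Affected ranges cannot be extracted from this reliably, so version matching will either miss fixed-branch boundaries or over-report. Splitting it into one `version_data` entry per train, as sketched below, removes the ambiguity; the last entry is my reading of the text and should be confirmed against ARUBA-PSA-2019-004. `"vendor_name": "n/a"` in the same block could also name the vendor.

```json
"version_data": [
    { "version_value": "6.x prior to 6.4.4.21" },
    { "version_value": "6.5.x prior to 6.5.4.13" },
    { "version_value": "8.x prior to 8.2.2.6" },
    { "version_value": "8.3.0.x prior to 8.3.0.7" },
    { "version_value": "8.4.0.x prior to 8.4.0.3" }
]
```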


@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5315",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5315",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Aruba Mobility Controllers",
"version": {
"version_data": [
{
"version_value": "Aruba Mobility Controller firmware (ArubaOS) prior to 8.2.2.6, 8.3.0.x prior to 8.3.0.7 and 8.4.0.x prior to 8.4.0.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-004.txt"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x."
} }
] ]
} }