From 05cb4dda84e1b79a4bafac14dbc0decdf0d5a3ca Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 19 Oct 2020 19:02:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/11xxx/CVE-2020-11496.json | 56 ++++++++++++++++++++++++++++++---- 2020/16xxx/CVE-2020-16270.json | 7 ++++- 2 files changed, 56 insertions(+), 7 deletions(-) diff --git a/2020/11xxx/CVE-2020-11496.json b/2020/11xxx/CVE-2020-11496.json index cf3d81d30a0..e4e2767a299 100644 --- a/2020/11xxx/CVE-2020-11496.json +++ b/2020/11xxx/CVE-2020-11496.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-11496", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-11496", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (\u201cPDLs\u201d), transferring them to the device, and restarting the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.sprecher-automation.com/en/it-security/", + "url": "https://www.sprecher-automation.com/en/it-security/" } ] } diff --git a/2020/16xxx/CVE-2020-16270.json b/2020/16xxx/CVE-2020-16270.json index a9882e2176d..99e28596523 100644 --- a/2020/16xxx/CVE-2020-16270.json +++ b/2020/16xxx/CVE-2020-16270.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "OLIMPOKS before 5.1.0 allows Auth/Admin ErrorMessage XSS." + "value": "OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim\u2019s browsers in context of vulnerable applications. Executed code can be used to steal administrator\u2019s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://bdu.fstec.ru/vul/2020-04623", "url": "https://bdu.fstec.ru/vul/2020-04623" + }, + { + "refsource": "MISC", + "name": "https://github.com/Security-AVS/CVE-2020-16270", + "url": "https://github.com/Security-AVS/CVE-2020-16270" } ] }