From 06fc014d0046f500cb1b1e7745c4f1b2e8334cf0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 24 Apr 2025 23:00:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/46xxx/CVE-2025-46274.json | 145 ++++++++++++++++++++++++++++++++- 2025/46xxx/CVE-2025-46275.json | 111 ++++++++++++++++++++++++- 2 files changed, 248 insertions(+), 8 deletions(-) diff --git a/2025/46xxx/CVE-2025-46274.json b/2025/46xxx/CVE-2025-46274.json index ee884c58921..155a1f202c6 100644 --- a/2025/46xxx/CVE-2025-46274.json +++ b/2025/46xxx/CVE-2025-46274.json @@ -1,17 +1,154 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46274", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UNI-NMS-Lite uses hard-coded credentials that could allow an \nunauthenticated attacker to read, manipulate and create entries in the \nmanaged database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Planet Technology", + "product": { + "product_data": [ + { + "product_name": "UNI-NMS-Lite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.0b211018" + } + ] + } + }, + { + "product_name": "NMS-500", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "NMS-1000V", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "WGS-804HPT-V2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.305b250121" + } + ] + } + }, + { + "product_name": "WGS-4215-8T2S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.305b241115" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-25-114-06", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Planet Technology has released patches for the following devices:

\n" + } + ], + "value": "Planet Technology has released patches for the following devices:\n\n\n\n * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 \n * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s \n * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms \n * NMS-500 https://www.planet.com.tw/en/product/nms-500 \n * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v" + } + ], + "credits": [ + { + "lang": "en", + "value": "Kev Breen of Immersive reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/46xxx/CVE-2025-46275.json b/2025/46xxx/CVE-2025-46275.json index 3cf88e6338f..993ae53e6d5 100644 --- a/2025/46xxx/CVE-2025-46275.json +++ b/2025/46xxx/CVE-2025-46275.json @@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-46275", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could \nallow an attacker to create an administrator account without knowing any\n existing credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Planet Technology", + "product": { + "product_data": [ + { + "product_name": "WGS-804HPT-V2", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.305b250121" + } + ] + } + }, + { + "product_name": "WGS-4215-8T2S", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.305b241115" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-06" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-25-114-06", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Planet Technology has released patches for the following devices:

\n" + } + ], + "value": "Planet Technology has released patches for the following devices:\n\n\n\n * WGS-804HPT (v2) https://www.planet.com.tw/en/product/wgs-804hpt-v2 \n * WGS-4215-8T2 https://www.planet.com.tw/en/product/wgs-4215-8t2s \n * S https://www.planet.com.tw/en/product/wgs-4215-8t2s UNI-NMS https://www.planet.com.tw/en/product/uni-nms \n * NMS-500 https://www.planet.com.tw/en/product/nms-500 \n * NMS-1000V https://www.planet.com.tw/en/product/nms-1000v" + } + ], + "credits": [ + { + "lang": "en", + "value": "Kev Breen of Immersive reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] }