"-Synchronized-Data."

CVE Team 2024-09-12 21:00:33 +00:00
parent 903bdd95b4
commit 0ba99b8eb7
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 434 additions and 90 deletions


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44459",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zzh-newlearner/MQTT_Crash/blob/main/Vernemq_crash.md",
"refsource": "MISC",
"name": "https://github.com/zzh-newlearner/MQTT_Crash/blob/main/Vernemq_crash.md"
}
]
}
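Review bot: The published record leaves `product_name`, `version_value` and `vendor_name` as `"n/a"` in the `affects` block even though the new description names vernemq v2.0.1, so a consumer that matches on the structured vendor/product fields will not associate this CVE with the product. I would fill the fields from the description, e.g. `"product_name": "vernemq"` and `"version_value": "2.0.1"`, and replace the `"n/a"` problemtype with a CWE once the root cause is confirmed (the description suggests uncontrolled resource consumption, but that is an inference). The CVE-2024-44460 section below has the same gap for Nanomq v0.21.9. Until the fields are populated, tooling has to key on the description text.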


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44460",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-44460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/zzh-newlearner/MQTT_Crash/blob/main/Nanomq_invalid_read.md",
"refsource": "MISC",
"name": "https://github.com/zzh-newlearner/MQTT_Crash/blob/main/Nanomq_invalid_read.md"
}
]
}


@ -1,71 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-45845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45845",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://puckipedia.com/7hkj-98sq/qixt",
"refsource": "MISC",
"name": "https://puckipedia.com/7hkj-98sq/qixt"
},
{
"url": "https://github.com/NixOS/nix/tags",
"refsource": "MISC",
"name": "https://github.com/NixOS/nix/tags"
},
{
"url": "https://news.ycombinator.com/item?id=41492994",
"refsource": "MISC",
"name": "https://news.ycombinator.com/item?id=41492994"
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
}


@ -163,10 +163,10 @@
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p>Affected Family </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in Software/Firmware Version</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Software/Firmware Version</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32 .011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 Process </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.33.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix 5380 SIL 2 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.013</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix 5380 SIL 3 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix\u00ae 5580 
</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix\u00ae 5580 Process </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.33.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v2.001</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v6.001 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><p>&nbsp;</p>\n\n<br>"
"value": "<table><tbody><tr><td><p>Affected Family </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in Software/Firmware Version</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Software/Firmware Version</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32 .011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5380 Process </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.33.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix 5380 SIL 2 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.013</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Compact GuardLogix 5380 SIL 3 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>CompactLogix 5480 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix\u00ae 5580 
</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>ControlLogix\u00ae 5580 Process </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.33.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>GuardLogix 5580 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v.32.011</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v33.017, v34.014, v35.013, v36.011 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>1756-EN4</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v2.001</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>v6.001 and later</p><p>&nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><p>&nbsp;</p>\n\n\n\n<p>Mitigations and Workarounds <br>Customers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations. </p><ul><li><p>Users who do not wish to use CIP security can disable the feature per device. See \"Disable CIP Security\" in Chapter 2 of \"CIP Security with Rockwell Automation Products\" (publication SECURE-AT001)</p></li></ul><p>For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best practices</a>&nbsp;to minimize the risk of the vulnerability. 
Customers can use <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc\">Stakeholder-Specific Vulnerability Categorization</a>&nbsp;to generate more environment-specific prioritization.</p>\n\n<br>"
}
],
"value": "Affected Family \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in Software/Firmware Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Software/Firmware Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32 .011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 Process \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.33.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix 5380 SIL 2 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.013\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix 5380 SIL 3 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix\u00ae 5580 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix\u00ae 5580 Process \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.33.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and 
later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv2.001\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv6.001 and later"
"value": "Affected Family \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in Software/Firmware Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Software/Firmware Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32 .011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5380 Process \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.33.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix 5380 SIL 2 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.013\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompact GuardLogix 5380 SIL 3 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCompactLogix 5480 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix\u00ae 5580 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nControlLogix\u00ae 5580 Process \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.33.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nGuardLogix 5580 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv.32.011\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv33.017, v34.014, v35.013, v36.011 and 
later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n1756-EN4\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv2.001\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nv6.001 and later\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\n\n\n\nMitigations and Workarounds \nCustomers who are unable to upgrade to the corrected software versions are encouraged to apply the following risk mitigations. \n\n * Users who do not wish to use CIP security can disable the feature per device. See \"Disable CIP Security\" in Chapter 2 of \"CIP Security with Rockwell Automation Products\" (publication SECURE-AT001)\n\n\n\n\nFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability. Customers can use Stakeholder-Specific Vulnerability Categorization https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc \u00a0to generate more environment-specific prioritization."
}
]
}
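Review bot: The version strings in the affected/corrected table are written inconsistently, and this solution text is the only place in the hunk where the fixed versions appear: the CompactLogix 5380 row has `v.32 .011` with an embedded space, other rows use `v.32.011`, and the corrected column uses `v33.017` with no dot after the `v`. Both the `text/html` value and the plain-text `value` carry the same strings. I would normalise them to one form, presumably `v32.011`, so that a reader or a text-extraction script does not treat them as different releases. The record's `affects` block is outside this hunk, so whether the structured version data has the same issue cannot be checked here.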


@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "Pavilion8\u00ae",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<V5.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1695",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p><br>&nbsp;</p><p>Affected Product </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Affected Software Version </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Software Version </p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Pavilion8\u00ae </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;V5.20 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>V6.0 and later &nbsp;</p><p>&nbsp;</p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds <br>Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f&nbsp;</p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a>&nbsp;</p></li></ul>\n\n\n\n<br>"
}
],
"value": "Affected Product \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nAffected Software Version \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Software Version \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nPavilion8\u00ae \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <V5.20 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nV6.0 and later \u00a0\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \nCustomers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u00a0\n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
}
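Review bot: In `version_data` the operator and the value disagree: `"version_affected": "="` is paired with `"version_value": "<V5.20"`, so the comparison is encoded inside the value string and a consumer doing an exact match will look for a version literally named `<V5.20`. I would write `"version_affected": "<"` with `"version_value": "V5.20"`. The solution table also lists V6.0 and later as corrected, which leaves the status of releases from V5.20 up to V6.0 unstated; that is worth confirming against advisory SD1695. The CVE-2024-7961 section that follows carries the identical `version_data` entry.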


@ -1,18 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "Pavilion8\u00ae",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<V5.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1695",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p><br></p><p><br>Affected Product </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Affected Software Version </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Software Version </p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Pavilion8\u00ae </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &lt;V5.20 </p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>V6.0 and later &nbsp;</p></td></tr></tbody></table><br><br>\n\n<p>Mitigations and Workarounds <br>Customers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f&nbsp;</p><ul><li><p><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p></li></ul>\n\n<br>"
}
],
"value": "Affected Product \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nAffected Software Version \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Software Version \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nPavilion8\u00ae \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <V5.20 \n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nV6.0 and later \u00a0\n\n\n\n\n\nMitigations and Workarounds \nCustomers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.\u202f\u202f\u202f\u00a0\n\n * Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
}


@ -1,18 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "2800C OptixPanel\u2122 Compact",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0.325"
}
]
}
},
{
"product_name": "2800S OptixPanel\u2122 Standard",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0.350"
}
]
}
},
{
"product_name": "Embedded Edge Compute Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.0.0.347"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1964.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1964.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1964",
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p><br>Affected Product</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>First Known in Software Version</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>Corrected in Software Version</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>2800C OptixPanel\u2122 Compact</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>4.0.0.325</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>4.0.2.116</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>2800S OptixPanel\u2122 Standard</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>4.0.0.350</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>4.0.2.123</p><p>&nbsp;</p><p>&nbsp;</p></td></tr><tr><td><p>&nbsp;</p><p>&nbsp;</p><p>Embedded Edge Compute Module</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>4.0.0.347</p><p>&nbsp;</p><p>&nbsp;</p></td><td><p>&nbsp;</p><p>&nbsp;</p><p>4.0.2.106</p><p>&nbsp;</p></td></tr></tbody></table><br>\n\n<p>Mitigations and Workarounds <br>Customers using the affected software are encouraged to apply security best practices</p><ul><li><p>For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">security best practices</a>&nbsp;to minimize the risk of the vulnerability.</p></li></ul>\n\n\n\n<br>"
}
],
"value": "Affected Product\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nFirst Known in Software Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nCorrected in Software Version\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n2800C OptixPanel\u2122 Compact\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.0.325\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.2.116\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n2800S OptixPanel\u2122 Standard\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.0.350\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.2.123\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\nEmbedded Edge Compute Module\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.0.347\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n\u00a0\n\n4.0.2.106\n\n\u00a0\n\n\n\n\nMitigations and Workarounds \nCustomers using the affected software are encouraged to apply security best practices\n\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability."
}
]
}
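Review bot: Each product in `version_data` is pinned with `"version_affected": "="` to a single build (`4.0.0.325`, `4.0.0.350`, `4.0.0.347`), while the solution table labels that column "First Known in Software Version" and gives a separate corrected build, so an exact-match consumer would presumably miss every build between the two. If the intermediate builds are affected, the entries should express a range, for instance `"version_affected": ">="` on the first-known build together with a `"<"` entry for the corrected build (`4.0.2.116` for the 2800C, and the matching corrected builds for the others). Separately, the description attributes the flaw to improper default file permissions, so CWE-276 may fit better than the listed CWE-269; that is a judgement for the CNA.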


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}