From 133bc4647cfc3acbceca80dd98604cce3cd9cfe1 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Tue, 14 Sep 2021 11:01:02 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/10xxx/CVE-2019-10941.json | 7 ++++---
 2019/10xxx/CVE-2019-10942.json | 2 +-
 2019/13xxx/CVE-2019-13946.json | 2 +-
 2019/19xxx/CVE-2019-19301.json | 2 +-
 2020/15xxx/CVE-2020-15782.json | 2 +-
 2020/15xxx/CVE-2020-15799.json | 2 +-
 2020/15xxx/CVE-2020-15800.json | 2 +-
 2020/25xxx/CVE-2020-25226.json | 2 +-
 2020/25xxx/CVE-2020-25238.json | 2 +-
 2020/28xxx/CVE-2020-28391.json | 2 +-
 2020/28xxx/CVE-2020-28395.json | 12 ++++++------
 2020/28xxx/CVE-2020-28397.json | 2 +-
 2020/28xxx/CVE-2020-28400.json | 2 +-
 2020/7xxx/CVE-2020-7580.json | 2 +-
 2021/25xxx/CVE-2021-25660.json | 2 +-
 2021/25xxx/CVE-2021-25661.json | 12 ++++++------
 2021/25xxx/CVE-2021-25662.json | 10 +++++-----
 2021/25xxx/CVE-2021-25665.json | 7 ++++---
 2021/25xxx/CVE-2021-25668.json | 2 +-
 2021/25xxx/CVE-2021-25669.json | 2 +-
 2021/27xxx/CVE-2021-27383.json | 2 +-
 2021/27xxx/CVE-2021-27384.json | 2 +-
 2021/27xxx/CVE-2021-27385.json | 2 +-
 2021/27xxx/CVE-2021-27386.json | 2 +-
 2021/27xxx/CVE-2021-27391.json | 7 ++++---
 2021/31xxx/CVE-2021-31891.json | 7 ++++---
 2021/31xxx/CVE-2021-31894.json | 2 +-
 2021/33xxx/CVE-2021-33716.json | 7 ++++---
 2021/33xxx/CVE-2021-33719.json | 7 ++++---
 2021/33xxx/CVE-2021-33720.json | 7 ++++---
 2021/33xxx/CVE-2021-33721.json | 2 +-
 2021/33xxx/CVE-2021-33737.json | 7 ++++---
 2021/33xxx/CVE-2021-33738.json | 2 +-
 2021/37xxx/CVE-2021-37172.json | 2 +-
 2021/37xxx/CVE-2021-37173.json | 7 ++++---
 2021/37xxx/CVE-2021-37174.json | 7 ++++---
 2021/37xxx/CVE-2021-37175.json | 7 ++++---
 2021/37xxx/CVE-2021-37176.json | 7 ++++---
 2021/37xxx/CVE-2021-37177.json | 7 ++++---
 2021/37xxx/CVE-2021-37181.json | 7 ++++---
 2021/37xxx/CVE-2021-37183.json | 7 ++++---
 2021/37xxx/CVE-2021-37184.json | 7 ++++---
 2021/37xxx/CVE-2021-37186.json | 7 ++++---
 2021/37xxx/CVE-2021-37190.json | 7 ++++---
 2021/37xxx/CVE-2021-37191.json | 7 ++++---
 2021/37xxx/CVE-2021-37192.json | 7 ++++---
 2021/37xxx/CVE-2021-37193.json | 7 ++++---
 2021/37xxx/CVE-2021-37200.json | 7 ++++---
 2021/37xxx/CVE-2021-37201.json | 7 ++++---
 2021/37xxx/CVE-2021-37202.json | 7 ++++---
 2021/37xxx/CVE-2021-37203.json | 7 ++++---
 2021/37xxx/CVE-2021-37206.json | 7 ++++---
 2021/40xxx/CVE-2021-40354.json | 7 ++++---
 2021/40xxx/CVE-2021-40355.json | 7 ++++---
 2021/40xxx/CVE-2021-40356.json | 7 ++++---
 2021/40xxx/CVE-2021-40357.json | 7 ++++---
 56 files changed, 160 insertions(+), 130 deletions(-)
diff --git a/2019/10xxx/CVE-2019-10941.json b/2019/10xxx/CVE-2019-10941.json
index 54a0c228284..1fec4a65fe4 100644
--- a/2019/10xxx/CVE-2019-10941.json
+++ b/2019/10xxx/CVE-2019-10941.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges.\n"
+ "value": "A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected system, and successful exploitation requires no system privileges."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10942.json b/2019/10xxx/CVE-2019-10942.json
index d18e7ce5cda..9a921e162f3 100644
--- a/2019/10xxx/CVE-2019-10942.json
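Review bot: The reference entry at the end of the CVE-2019-10941 hunk relabels the Siemens ProductCERT advisory ssa-835377 from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, and it is the only reference this record carries, so the record no longer marks any link as the vendor's own acknowledgement. Tooling that selects vendor-confirmed advisories by refsource would presumably stop matching this CVE. If the relabel is not intended, keep `"refsource": "CONFIRM"` and add only the new `"name"` field. The CVE-2020-28395 hunks in the same patch keep a CONFIRM entry for a Siemens advisory, so the two records end up classified differently.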
+++ b/2019/10xxx/CVE-2019-10942.json
@@ -66,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger\na denial-of-service condition by sending large message packages repeatedly\nto the telnet service.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device."
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13946.json b/2019/13xxx/CVE-2019-13946.json
index 0a6f6c234b9..b0cd465c8b5 100644
--- a/2019/13xxx/CVE-2019-13946.json
+++ b/2019/13xxx/CVE-2019-13946.json
@@ -526,7 +526,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 (All versions < V4.3), SCALANCE S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200 (All Versions < V3.0), SCALANCE XC-200 (All Versions < V3.0), SCALANCE XF-200BA (All Versions < V3.0), SCALANCE XM-400 (All Versions < V6.0), SCALANCE XP-200 (All Versions < V3.0), SCALANCE XR-300WG (All Versions < V3.0), SCALANCE XR-500 (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. 
SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 (All Versions < V7.0.6), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 (All versions < V3), SIMOTION C (All versions < V4.5), SIMOTION D (incl. SIPLUS variants) (All versions < V4.5), SIMOTION P (All versions < V4.5), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface.\nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. 
An attacker could use the vulnerability\nto compromise the availability of the device.\n\n" + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 (All versions < V4.3), SCALANCE S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200 (All Versions < V3.0), SCALANCE XC-200 (All Versions < V3.0), SCALANCE XF-200BA (All Versions < V3.0), SCALANCE XM-400 (All Versions < V6.0), SCALANCE XP-200 (All Versions < V3.0), SCALANCE XR-300WG (All Versions < V3.0), SCALANCE XR-500 (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. 
SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 (All Versions < V7.0.6), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 (All versions < V3), SIMOTION C (All versions < V4.5), SIMOTION D (incl. SIPLUS variants) (All versions < V4.5), SIMOTION P (All versions < V4.5), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions). Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device." } ] }, diff --git a/2019/19xxx/CVE-2019-19301.json b/2019/19xxx/CVE-2019-19301.json index 1d7470e9b38..1d5fd4643b2 100644 --- a/2019/19xxx/CVE-2019-19301.json +++ b/2019/19xxx/CVE-2019-19301.json 
@@ -106,7 +106,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service."
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15782.json b/2020/15xxx/CVE-2020-15782.json
index f9b2ef9d20d..c220da027b6 100644
--- a/2020/15xxx/CVE-2020-15782.json
+++ b/2020/15xxx/CVE-2020-15782.json
@@ -136,7 +136,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation.\n\nA remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.\n\n" + "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. 
A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks." } ] }, diff --git a/2020/15xxx/CVE-2020-15799.json b/2020/15xxx/CVE-2020-15799.json index a47ee08b515..2725936f8be 100644 --- a/2020/15xxx/CVE-2020-15799.json +++ b/2020/15xxx/CVE-2020-15799.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.\n\n" + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products." } ] }, diff --git a/2020/15xxx/CVE-2020-15800.json b/2020/15xxx/CVE-2020-15800.json index 871f9b283cb..6aef62652d3 100644 --- a/2020/15xxx/CVE-2020-15800.json +++ b/2020/15xxx/CVE-2020-15800.json 
@@ -66,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition.\nAn attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.\n\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily."
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25226.json b/2020/25xxx/CVE-2020-25226.json
index 54a934e361d..dd73d5cb75d 100644
--- a/2020/25xxx/CVE-2020-25226.json
+++ b/2020/25xxx/CVE-2020-25226.json
@@ -56,7 +56,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition.\nAn attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.\n\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore."
 }
 ]
 },
diff --git a/2020/25xxx/CVE-2020-25238.json b/2020/25xxx/CVE-2020-25238.json
index 0a8170e8614..a6344660239 100644
--- a/2020/25xxx/CVE-2020-25238.json
+++ b/2020/25xxx/CVE-2020-25238.json
@@ -56,7 +56,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges.\n\nThe security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system.\n\n"
+ "value": "A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16). Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system."
 }
 ]
 },
diff --git a/2020/28xxx/CVE-2020-28391.json b/2020/28xxx/CVE-2020-28391.json
index 117a9b79f5d..d6aa116ae2f 100644
--- a/2020/28xxx/CVE-2020-28391.json
+++ b/2020/28xxx/CVE-2020-28391.json
@@ -56,7 +56,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). Devices create a new unique key upon factory reset, except when used\nwith C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key\nshipped with the firmware-image. An attacker could leverage this situation to a\nman-in-the-middle situation and decrypt previously captured traffic.\n\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic."
 }
 ]
 },
diff --git a/2020/28xxx/CVE-2020-28395.json b/2020/28xxx/CVE-2020-28395.json
index 952eba1d298..63eabfcea29 100644
--- a/2020/28xxx/CVE-2020-28395.json
+++ b/2020/28xxx/CVE-2020-28395.json
@@ -46,17 +46,12 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.\n\n"
+ "value": "A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic."
 }
 ]
 },
 "references": {
 "reference_data": [
- {
- "refsource": "CONFIRM",
- "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
- },
 {
 "refsource": "MISC",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf",
@@ -66,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02",
 "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-02"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28397.json b/2020/28xxx/CVE-2020-28397.json
index ae0091dadc3..8ab037a9231 100644
--- a/2020/28xxx/CVE-2020-28397.json
+++ b/2020/28xxx/CVE-2020-28397.json
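Review bot: After the two CVE-2020-28395 hunks the `reference_data` array still lists https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf twice, once as `"refsource": "MISC"` and once as `"refsource": "CONFIRM"`; the patch only moves the CONFIRM entry from the head of the array to its end. A consumer that deduplicates references by URL gets a refsource that depends on which of the two entries it keeps. I would leave a single entry for that URL, with `"refsource": "CONFIRM"` since it is the vendor advisory, and drop the MISC duplicate. The `name` line of the MISC entry falls between the two hunks and is not visible here.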
@@ -106,7 +106,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.\n\n"
+ "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5 < V21.9), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once."
 }
 ]
 },
diff --git a/2020/28xxx/CVE-2020-28400.json b/2020/28xxx/CVE-2020-28400.json
index 10f403d51e0..4883f54c34c 100644
--- a/2020/28xxx/CVE-2020-28400.json
+++ b/2020/28xxx/CVE-2020-28400.json
@@ -826,7 +826,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.7), RUGGEDCOM RM1224 (All Versions < V6.4), SCALANCE M-800 (All Versions < V6.4), SCALANCE S615 (All Versions < V6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. 
SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions < V4.3), SCALANCE XC-200 (All versions < V4.3), SCALANCE XF-200BA (All versions < V4.3), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions < V4.3), SCALANCE XR-300WG (All versions < V4.3), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC CM 1542-1 (All versions < V3.0), SIMATIC CP1616/CP1604 (All Versions >= V2.7), SIMATIC CP1626 (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. 
The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.\n\n\n" + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.7), RUGGEDCOM RM1224 (All Versions < V6.4), SCALANCE M-800 (All Versions < V6.4), SCALANCE S615 (All Versions < V6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. 
SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions < V4.3), SCALANCE XC-200 (All versions < V4.3), SCALANCE XF-200BA (All versions < V4.3), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions < V4.3), SCALANCE XR-300WG (All versions < V4.3), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC CM 1542-1 (All versions < V3.0), SIMATIC CP1616/CP1604 (All Versions >= V2.7), SIMATIC CP1626 (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. 
The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device." } ] }, diff --git a/2020/7xxx/CVE-2020-7580.json b/2020/7xxx/CVE-2020-7580.json index 3512f5da5d0..48d08578eaf 100644 --- a/2020/7xxx/CVE-2020-7580.json +++ b/2020/7xxx/CVE-2020-7580.json 
@@ -286,7 +286,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). 
A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted.\n\n\n" + "value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted." } ] }, diff --git a/2021/25xxx/CVE-2021-25660.json b/2021/25xxx/CVE-2021-25660.json index d946728cf3c..549c27843a0 100644 --- a/2021/25xxx/CVE-2021-25660.json +++ b/2021/25xxx/CVE-2021-25660.json 
@@ -116,7 +116,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.\n\n" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). 
SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition." } ] }, diff --git a/2021/25xxx/CVE-2021-25661.json b/2021/25xxx/CVE-2021-25661.json index ff9009b20c0..0ec1d676ed0 100644 --- a/2021/25xxx/CVE-2021-25661.json +++ b/2021/25xxx/CVE-2021-25661.json 
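Review bot: The new `value` string still carries the double-escaped inch marks `7\\\" & 15\\\"` and `4\\\" - 22\\\"`. If the page shows the file faithfully, these decode to a literal backslash followed by a quote, so consumers will display `7\" & 15\"` in the product name. The commit normalizes the embedded newlines in this description but leaves that artifact in place. Single escaping, `7\" & 15\"` and `4\" - 22\"`, would decode to the intended text and keep product-name matching in downstream tooling clean. The same applies to the description hunks for CVE-2021-25661, CVE-2021-25662, CVE-2021-27383, CVE-2021-27384, CVE-2021-27385 and CVE-2021-27386.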
@@ -116,21 +116,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.\n\n" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). 
SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition." } ] }, "references": { "reference_data": [ - { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" - }, { "refsource": "MISC", "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12" + }, + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25662.json b/2021/25xxx/CVE-2021-25662.json index 1b1b8c3dece..774225d892c 100644 --- a/2021/25xxx/CVE-2021-25662.json +++ b/2021/25xxx/CVE-2021-25662.json 
@@ -116,7 +116,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition.\n\n" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). 
SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a Denial-of-Service condition." } ] }, @@ -124,13 +124,13 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12", - "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12" + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" }, { "refsource": "MISC", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf" + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12" } ] } diff --git a/2021/25xxx/CVE-2021-25665.json b/2021/25xxx/CVE-2021-25665.json index c7772e1f284..380cedbfcd6 100644 --- a/2021/25xxx/CVE-2021-25665.json +++ b/2021/25xxx/CVE-2021-25665.json 
@@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure.\n\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13700)\n\n" + "value": "A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13700)" } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25668.json b/2021/25xxx/CVE-2021-25668.json index 969cf11a769..6cf547b15fe 100644 --- a/2021/25xxx/CVE-2021-25668.json +++ b/2021/25xxx/CVE-2021-25668.json 
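Review bot: The reference to the vendor advisory on cert-portal.siemens.com is changed from `"refsource": "CONFIRM"` to `"refsource": "MISC"` in this hunk, which removes the only marker that the link is the vendor's own confirmation. Any consumer that keys on `CONFIRM` to identify vendor-acknowledged advisories would presumably stop treating this entry as confirmed. The CVE-2021-25661 hunk in the same commit keeps `CONFIRM` for a link on the same host, so the two records now disagree. Adding the `name` field is fine, but I would keep `"refsource": "CONFIRM"` alongside it. The reference hunks for CVE-2021-27391 and CVE-2021-31891 make the same change.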
@@ -326,7 +326,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. 
An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.\n\n" + "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code." } ] }, diff --git a/2021/25xxx/CVE-2021-25669.json b/2021/25xxx/CVE-2021-25669.json index f63310f022a..f6927bca6ed 100644 --- a/2021/25xxx/CVE-2021-25669.json +++ b/2021/25xxx/CVE-2021-25669.json 
@@ -326,7 +326,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.\n\n" + "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. 
SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution." } ] }, diff --git a/2021/27xxx/CVE-2021-27383.json b/2021/27xxx/CVE-2021-27383.json index 1859cfb9f27..d0b19695706 100644 --- a/2021/27xxx/CVE-2021-27383.json +++ b/2021/27xxx/CVE-2021-27383.json 
@@ -196,7 +196,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.\n\n\n" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition." } ] }, diff --git a/2021/27xxx/CVE-2021-27384.json b/2021/27xxx/CVE-2021-27384.json index ec4f132fcf1..db06cc6ee33 100644 --- a/2021/27xxx/CVE-2021-27384.json +++ b/2021/27xxx/CVE-2021-27384.json 
@@ -196,7 +196,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side,\nwhich can potentially result in code execution.\n\n\n" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution." } ] }, diff --git a/2021/27xxx/CVE-2021-27385.json b/2021/27xxx/CVE-2021-27385.json index d7dcadee9dd..34f16621863 100644 --- a/2021/27xxx/CVE-2021-27385.json +++ b/2021/27xxx/CVE-2021-27385.json 
@@ -196,7 +196,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side,\nwhich could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.\n\n\n" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition." } ] }, diff --git a/2021/27xxx/CVE-2021-27386.json b/2021/27xxx/CVE-2021-27386.json index 90a13408970..ae13da768aa 100644 --- a/2021/27xxx/CVE-2021-27386.json +++ b/2021/27xxx/CVE-2021-27386.json 
@@ -196,7 +196,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16\n\n7\\\" & 15\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16\n\n4\\\" - 22\\\" (incl. SIPLUS variants)\n (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16\n\nKTP400F, KTP700, KTP700F, KTP900 and KTP900F\n (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.\n\n\n" + "value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V15 SP1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. 
SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 SP1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15 SP1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition." } ] }, diff --git a/2021/27xxx/CVE-2021-27391.json b/2021/27xxx/CVE-2021-27391.json index 8bd8101bfc7..54124f25e8b 100644 --- a/2021/27xxx/CVE-2021-27391.json +++ b/2021/27xxx/CVE-2021-27391.json 
@@ -116,15 +116,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow.\n\nAn unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.\n\n\n\n" + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf" } ] } 
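Review bot: Retagging the Siemens ProductCERT advisory from `"refsource": "CONFIRM"` to `"refsource": "MISC"` drops the only marker in this record that the reference is the vendor's own advisory. Consumers that prioritise or filter on vendor-confirmed references would now treat `ssa-944498.pdf` as a generic link; if the schema still accepts it, keeping `"refsource": "CONFIRM"` preserves that signal. The added `"name"` repeats the URL verbatim and adds no information, so a short label derived from the advisory id would be more useful to readers. The same pattern recurs in the other reference hunks of this patch, starting with CVE-2021-31891.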
diff --git a/2021/31xxx/CVE-2021-31891.json b/2021/31xxx/CVE-2021-31891.json index c7d22f9e89f..0749f63232e 100644 --- a/2021/31xxx/CVE-2021-31891.json +++ b/2021/31xxx/CVE-2021-31891.json @@ -86,15 +86,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection.\n\nAn unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.\n\n" + "value": "A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf" } ] } diff --git a/2021/31xxx/CVE-2021-31894.json b/2021/31xxx/CVE-2021-31894.json index 01cb44cbe8e..3e3e30bbe01 100644 --- a/2021/31xxx/CVE-2021-31894.json 
+++ b/2021/31xxx/CVE-2021-31894.json @@ -86,7 +86,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions.\nAn attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.\n\n" + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software." } ] }, diff --git a/2021/33xxx/CVE-2021-33716.json b/2021/33xxx/CVE-2021-33716.json index 98706ac56cd..106b66eaac0 100644 --- a/2021/33xxx/CVE-2021-33716.json +++ b/2021/33xxx/CVE-2021-33716.json 
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.\n\n\n"
+ "value": "A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33719.json b/2021/33xxx/CVE-2021-33719.json
index 0fa9e8a67d9..bc29976f69f 100644
--- a/2021/33xxx/CVE-2021-33719.json
+++ b/2021/33xxx/CVE-2021-33719.json
@@ -76,15 +76,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.\n\n\n\n" + "value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf" } ] } diff --git a/2021/33xxx/CVE-2021-33720.json b/2021/33xxx/CVE-2021-33720.json index 178706d37f7..b65038f5f6d 100644 --- a/2021/33xxx/CVE-2021-33720.json +++ b/2021/33xxx/CVE-2021-33720.json 
@@ -76,15 +76,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.\n\n\n\n" + "value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf" } ] } diff --git a/2021/33xxx/CVE-2021-33721.json b/2021/33xxx/CVE-2021-33721.json index 7e31cd9db9c..fa1408227e2 100644 --- a/2021/33xxx/CVE-2021-33721.json +++ b/2021/33xxx/CVE-2021-33721.json 
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection.\n\nAn authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges.\n\n"
+ "value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges."
 }
 ]
 },
diff --git a/2021/33xxx/CVE-2021-33737.json b/2021/33xxx/CVE-2021-33737.json
index a2d60a619aa..25124911435 100644
--- a/2021/33xxx/CVE-2021-33737.json
+++ b/2021/33xxx/CVE-2021-33737.json
@@ -96,15 +96,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions). Sending a specially crafted packet to port 102/tcp of an affected device could cause a Denial-of-Service condition. A restart is needed to restore normal operations.\n" + "value": "A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions). Sending a specially crafted packet to port 102/tcp of an affected device could cause a Denial-of-Service condition. A restart is needed to restore normal operations." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf" } ] } diff --git a/2021/33xxx/CVE-2021-33738.json b/2021/33xxx/CVE-2021-33738.json index 57be0bb1bda..b078a890934 100644 --- a/2021/33xxx/CVE-2021-33738.json +++ b/2021/33xxx/CVE-2021-33738.json 
@@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)\n\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)" } ] }, diff --git a/2021/37xxx/CVE-2021-37172.json b/2021/37xxx/CVE-2021-37172.json index 0000aa9c4fe..3e7e9a47858 100644 --- a/2021/37xxx/CVE-2021-37172.json +++ b/2021/37xxx/CVE-2021-37172.json 
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.\n"
+ "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device."
 }
 ]
 },
diff --git a/2021/37xxx/CVE-2021-37173.json b/2021/37xxx/CVE-2021-37173.json
index f303e8dad03..57ebe2237a8 100644
--- a/2021/37xxx/CVE-2021-37173.json
+++ b/2021/37xxx/CVE-2021-37173.json
@@ -136,15 +136,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have an exposure of sensitive information vulnerability, if exploited, it could allow an authenticated attacker to extract data via Secure Shell (SSH).\n" + "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have an exposure of sensitive information vulnerability, if exploited, it could allow an authenticated attacker to extract data via Secure Shell (SSH)." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37174.json b/2021/37xxx/CVE-2021-37174.json index 0b7255bc50e..730d8e82c15 100644 --- a/2021/37xxx/CVE-2021-37174.json +++ b/2021/37xxx/CVE-2021-37174.json 
@@ -136,15 +136,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.\n\n" + "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37175.json b/2021/37xxx/CVE-2021-37175.json index 052d431ade5..7c048d32d4a 100644 --- a/2021/37xxx/CVE-2021-37175.json +++ b/2021/37xxx/CVE-2021-37175.json 
@@ -136,15 +136,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.\n\n" + "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37176.json b/2021/37xxx/CVE-2021-37176.json index 50d7d45d1fb..86519e0bd5e 100644 --- a/2021/37xxx/CVE-2021-37176.json 
+++ b/2021/37xxx/CVE-2021-37176.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer.\n\nAn attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260)\n" + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260)" } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37177.json b/2021/37xxx/CVE-2021-37177.json index 93dfbeaf43d..555fbcfa1fc 100644 --- a/2021/37xxx/CVE-2021-37177.json +++ b/2021/37xxx/CVE-2021-37177.json 
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system.\n"
+ "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37181.json b/2021/37xxx/CVE-2021-37181.json
index ac08b566e82..7f0b78881bc 100644
--- a/2021/37xxx/CVE-2021-37181.json
+++ b/2021/37xxx/CVE-2021-37181.json
@@ -156,15 +156,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker\nto execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability.\n\n\n" + "value": "A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Compact V4.0 (All versions), Desigo CC Compact V4.1 (All versions), Desigo CC Compact V4.2 (All versions), Desigo CC Compact V5.0 (All versions < V5.0 QU1), Desigo CC V4.0 (All versions), Desigo CC V4.1 (All versions), Desigo CC V4.2 (All versions), Desigo CC V5.0 (All versions < V5.0 QU1). The application deserialises untrusted data without sufficient validations, that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. The CCOM communication component used for Windows App / Click-Once and IE Web / XBAP client connectivity are affected by the vulnerability." 
} ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37183.json b/2021/37xxx/CVE-2021-37183.json index 69381408772..c4adf9e84af 100644 --- a/2021/37xxx/CVE-2021-37183.json +++ b/2021/37xxx/CVE-2021-37183.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.\n" + "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37184.json b/2021/37xxx/CVE-2021-37184.json index 7b92a4ad3da..a503659d877 100644 --- a/2021/37xxx/CVE-2021-37184.json +++ b/2021/37xxx/CVE-2021-37184.json 
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system.\n\n"
+ "value": "A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37186.json b/2021/37xxx/CVE-2021-37186.json
index d517ce40f39..3f84e84aecb 100644
--- a/2021/37xxx/CVE-2021-37186.json
+++ b/2021/37xxx/CVE-2021-37186.json
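Review bot: The rewritten `value` for CVE-2021-37184 keeps the doubled article in `could change the the password of any user`; since the line is being replaced anyway, it should read `could change the password of any user`. The only other change to the description is the removal of the trailing `\n\n`, so the typo is carried over unchanged from the old side. This text is what advisory feeds and scanners display to operators, so a fix here flows straight into downstream tooling.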
@@ -66,15 +66,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU 3000 family (All versions). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.\n" + "value": "A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU 3000 family (All versions). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37190.json b/2021/37xxx/CVE-2021-37190.json index 24b199e3025..ecf06189d35 100644 --- a/2021/37xxx/CVE-2021-37190.json +++ b/2021/37xxx/CVE-2021-37190.json 
@@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.\n" + "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37191.json b/2021/37xxx/CVE-2021-37191.json index edd241968cd..b7df69211fb 100644 --- a/2021/37xxx/CVE-2021-37191.json +++ b/2021/37xxx/CVE-2021-37191.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.\n" + "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" } ] } 
diff --git a/2021/37xxx/CVE-2021-37192.json b/2021/37xxx/CVE-2021-37192.json index 886a58477cc..615c6cb16b1 100644 --- a/2021/37xxx/CVE-2021-37192.json +++ b/2021/37xxx/CVE-2021-37192.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.\n" + "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37193.json b/2021/37xxx/CVE-2021-37193.json index 0f77bc7296a..deb381b7d64 100644 --- a/2021/37xxx/CVE-2021-37193.json +++ b/2021/37xxx/CVE-2021-37193.json 
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa).\n"
+ "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa)."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37200.json b/2021/37xxx/CVE-2021-37200.json
index 87805affd11..58a76c64f63 100644
--- a/2021/37xxx/CVE-2021-37200.json
+++ b/2021/37xxx/CVE-2021-37200.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.\n"
+ "value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37201.json b/2021/37xxx/CVE-2021-37201.json
index 99725a738d1..b32a4dc03f1 100644
--- a/2021/37xxx/CVE-2021-37201.json
+++ b/2021/37xxx/CVE-2021-37201.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.\n"
+ "value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37202.json b/2021/37xxx/CVE-2021-37202.json
index 736ec373d7f..e9245080708 100644
--- a/2021/37xxx/CVE-2021-37202.json
+++ b/2021/37xxx/CVE-2021-37202.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in NX 1980 Series (All versions < V1984). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process.\n\n\n"
+ "value": "A vulnerability has been identified in NX 1980 Series (All versions < V1984). The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37203.json b/2021/37xxx/CVE-2021-37203.json
index cc596efb3f4..404dd844353 100644
--- a/2021/37xxx/CVE-2021-37203.json
+++ b/2021/37xxx/CVE-2021-37203.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in NX 1980 Series (All versions < V1984). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations.\n\n\n"
+ "value": "A vulnerability has been identified in NX 1980 Series (All versions < V1984). The plmxmlAdapterIFC.dll contains an out-of-bounds read while parsing user supplied IFC files which could result in a read past the end of an allocated buffer. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
 }
 ]
 }
diff --git a/2021/37xxx/CVE-2021-37206.json b/2021/37xxx/CVE-2021-37206.json
index c10b1dd0545..8dac3491c07 100644
--- a/2021/37xxx/CVE-2021-37206.json
+++ b/2021/37xxx/CVE-2021-37206.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.\n\n"
+ "value": "A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP200 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40354.json b/2021/40xxx/CVE-2021-40354.json
index 0cbad2dad88..9b2f7967a1c 100644
--- a/2021/40xxx/CVE-2021-40354.json
+++ b/2021/40xxx/CVE-2021-40354.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The \"surrogate\" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the \"inbox/surrogate tasks\".\n"
+ "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The \"surrogate\" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the \"inbox/surrogate tasks\"."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40355.json b/2021/40xxx/CVE-2021-40355.json
index 71d59cf18a8..4fb16dffe02 100644
--- a/2021/40xxx/CVE-2021-40355.json
+++ b/2021/40xxx/CVE-2021-40355.json
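Review bot: The last affected-version bound in the rewritten description reads `All versions < 13.2.0.2`, while the three bounds before it carry the `V` prefix (`< V12.4.0.8`, `< V13.0.0.7`, `< V13.1.0.5`). This hunk only strips the trailing newline, so the inconsistency survives on the new side, and the same text appears in the CVE-2021-40355 and CVE-2021-40356 hunks. Tooling that pulls fixed versions out of the description with a `V`-anchored pattern would likely skip the 13.2 branch and leave those installs unflagged. If the vendor advisory agrees, normalise it to `< V13.2.0.2` in all three records.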
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly.\n\n"
+ "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The affected application contains Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40356.json b/2021/40xxx/CVE-2021-40356.json
index d617054002c..ad981762bfd 100644
--- a/2021/40xxx/CVE-2021-40356.json
+++ b/2021/40xxx/CVE-2021-40356.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.\n\n"
+ "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
 }
 ]
 }
diff --git a/2021/40xxx/CVE-2021-40357.json b/2021/40xxx/CVE-2021-40357.json
index 9ff9125c127..d4a11e8654a 100644
--- a/2021/40xxx/CVE-2021-40357.json
+++ b/2021/40xxx/CVE-2021-40357.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.\n"
+ "value": "A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf"
 }
 ]
 }