admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-17 14:00:52 +00:00
parent 8f6657845f
commit 1517c8717c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 1821 additions and 1485 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
2017/11xxx/CVE-2017-11427.json
View File

@ -1,9 +1,40 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11427", "ID": "CVE-2017-11427",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PythonSAML",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "OneLogin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
@ -11,8 +42,53 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

82
2017/11xxx/CVE-2017-11428.json
View File

@ -1,9 +1,40 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11428", "ID": "CVE-2017-11428",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby-SAML",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.6.0"
}
]
}
}
]
},
"vendor_name": "OneLogin"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
@ -11,8 +42,53 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

86
2017/11xxx/CVE-2017-11429.json
View File

@ -1,9 +1,44 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11429", "ID": "CVE-2017-11429",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "saml2-js",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.0"
},
{
"affected": "<",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Clever"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
@ -11,8 +46,53 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

82
2017/11xxx/CVE-2017-11430.json
View File

@ -1,9 +1,40 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@duo.com",
"ID": "CVE-2017-11430", "ID": "CVE-2017-11430",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OmnitAuth-SAML",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.9.0"
}
]
}
}
]
},
"vendor_name": "OmniAuth"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kelby Ludwig of Duo Security"
}
],
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
@ -11,8 +42,53 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
"refsource": "MISC",
"name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
},
{
"url": "https://www.kb.cert.org/vuls/id/475445",
"refsource": "MISC",
"name": "https://www.kb.cert.org/vuls/id/475445"
}
]
},
"source": {
"discovery": "INTERNAL"
}
} }

11
2017/12xxx/CVE-2017-12741.json
View File

@ -894,7 +894,6 @@
] ]
} }
} }
] ]
} }
}, },
@ -922,16 +921,16 @@
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
}, },
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
},
{ {
"refsource": "BID", "refsource": "BID",
"name": "101964", "name": "101964",
"url": "https://www.securityfocus.com/bid/101964" "url": "https://www.securityfocus.com/bid/101964"
}, },
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
},
{ {
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf",

8
2018/13xxx/CVE-2018-13803.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-13803", "ID": "CVE-2018-13803",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

13
2018/13xxx/CVE-2018-13808.json
View File

@ -4,7 +4,8 @@
"data_type": "CVE", "data_type": "CVE",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-13808", "ID": "CVE-2018-13808",
"ASSIGNER": "productcert@siemens.com" "ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -32,7 +33,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -53,7 +55,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
} }
] ]
}, },
@ -61,9 +65,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition.\n\nSuccessful exploitation requires network access to a vulnerable device.\n\nAt the time of advisory publication no public exploitation of this vulnerability was known." "value": "A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). An attacker with network access to port 23/tcp could extract internal communication data or cause a Denial-of-Service condition. Successful exploitation requires network access to a vulnerable device. At the time of advisory publication no public exploitation of this vulnerability was known."
} }
] ]
} }
} }

12
2018/13xxx/CVE-2018-13809.json
View File

@ -4,7 +4,8 @@
"data_type": "CVE", "data_type": "CVE",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-13809", "ID": "CVE-2018-13809",
"ASSIGNER": "productcert@siemens.com" "ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -32,7 +33,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -53,7 +55,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
} }
] ]
}, },
@ -61,7 +65,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link.\n\nUser interaction is required for a successful exploitation.\n\nAt the time of advisory publication no public exploitation of this vulnerability was known." "value": "A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known."
} }
] ]
} }

12
2018/13xxx/CVE-2018-13810.json
View File

@ -4,7 +4,8 @@
"data_type": "CVE", "data_type": "CVE",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-13810", "ID": "CVE-2018-13810",
"ASSIGNER": "productcert@siemens.com" "ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -32,7 +33,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -53,7 +55,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
} }
] ]
}, },
@ -61,7 +65,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link.\n\nSuccessful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform.\n\nAt the time of advisory publication no public exploitation of this vulnerability was known." "value": "A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. At the time of advisory publication no public exploitation of this vulnerability was known."
} }
] ]
} }

8
2018/13xxx/CVE-2018-13817.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-13817", "ID": "CVE-2018-13817",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

12
2018/16xxx/CVE-2018-16558.json
View File

@ -4,7 +4,8 @@
"data_type": "CVE", "data_type": "CVE",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-16558", "ID": "CVE-2018-16558",
"ASSIGNER": "productcert@siemens.com" "ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -32,7 +33,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -53,7 +55,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf"
} }
] ]
}, },
@ -61,7 +65,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }

12
2018/16xxx/CVE-2018-16559.json
View File

@ -4,7 +4,8 @@
"data_type": "CVE", "data_type": "CVE",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-16559", "ID": "CVE-2018-16559",
"ASSIGNER": "productcert@siemens.com" "ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -32,7 +33,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -53,7 +55,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf"
} }
] ]
}, },
@ -61,7 +65,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }

8
2018/16xxx/CVE-2018-16560.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16560", "ID": "CVE-2018-16560",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

13
2018/16xxx/CVE-2018-16561.json
View File

@ -4,7 +4,8 @@
"data_type": "CVE", "data_type": "CVE",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2018-16561", "ID": "CVE-2018-16561",
"ASSIGNER": "productcert@siemens.com" "ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
@ -22,7 +23,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -43,7 +45,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf"
} }
] ]
}, },
@ -51,9 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.\n\nSuccessful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue." "value": "A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue."
} }
] ]
} }
} }

8
2018/16xxx/CVE-2018-16562.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16562", "ID": "CVE-2018-16562",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16564.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16564", "ID": "CVE-2018-16564",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16565.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16565", "ID": "CVE-2018-16565",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16566.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16566", "ID": "CVE-2018-16566",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16567.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16567", "ID": "CVE-2018-16567",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16568.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16568", "ID": "CVE-2018-16568",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16569.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16569", "ID": "CVE-2018-16569",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16570.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16570", "ID": "CVE-2018-16570",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16571.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16571", "ID": "CVE-2018-16571",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16572.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16572", "ID": "CVE-2018-16572",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16573.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16573", "ID": "CVE-2018-16573",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16574.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16574", "ID": "CVE-2018-16574",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16575.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16575", "ID": "CVE-2018-16575",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16576.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16576", "ID": "CVE-2018-16576",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16577.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16577", "ID": "CVE-2018-16577",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16578.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16578", "ID": "CVE-2018-16578",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16579.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16579", "ID": "CVE-2018-16579",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16580.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16580", "ID": "CVE-2018-16580",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16581.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16581", "ID": "CVE-2018-16581",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16582.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16582", "ID": "CVE-2018-16582",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16583.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16583", "ID": "CVE-2018-16583",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/16xxx/CVE-2018-16584.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16584", "ID": "CVE-2018-16584",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

8
2018/4xxx/CVE-2018-4857.json
View File

@ -1,12 +1,12 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-4857", "ID": "CVE-2018-4857",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT" "STATE": "REJECT"
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {

7
2019/3xxx/CVE-2019-3708.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "secure@dell.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-08T04:00:00.000Z", "DATE_PUBLIC": "2019-04-08T04:00:00.000Z",
"ID": "CVE-2019-3708", "ID": "CVE-2019-3708",
"STATE": "PUBLIC", "STATE": "PUBLIC",
@ -81,8 +81,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "FULLDISC", "refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Apr/16" "url": "https://seclists.org/fulldisclosure/2019/Apr/16",
"name": "https://seclists.org/fulldisclosure/2019/Apr/16"
} }
] ]
}, },

7
2019/3xxx/CVE-2019-3709.json
View File

@ -1,6 +1,6 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "secure@dell.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-08T04:00:00.000Z", "DATE_PUBLIC": "2019-04-08T04:00:00.000Z",
"ID": "CVE-2019-3709", "ID": "CVE-2019-3709",
"STATE": "PUBLIC", "STATE": "PUBLIC",
@ -81,8 +81,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "FULLDISC", "refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2019/Apr/16" "url": "https://seclists.org/fulldisclosure/2019/Apr/16",
"name": "https://seclists.org/fulldisclosure/2019/Apr/16"
} }
] ]
}, },

4
2019/3xxx/CVE-2019-3798.json
View File

@ -3,7 +3,7 @@
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "secure@dell.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-11T00:00:00.000Z", "DATE_PUBLIC": "2019-04-11T00:00:00.000Z",
"ID": "CVE-2019-3798", "ID": "CVE-2019-3798",
"STATE": "PUBLIC", "STATE": "PUBLIC",
@ -41,7 +41,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim." "value": "Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim."
} }
] ]
}, },

3
2019/3xxx/CVE-2019-3883.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-3883", "ID": "CVE-2019-3883",
"ASSIGNER": "lpardo@redhat.com" "ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {

11
2019/6xxx/CVE-2019-6568.json
View File

@ -623,7 +623,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -644,8 +645,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
} }
] ]
}, },
@ -653,9 +655,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIAMTIC RF185C (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF186C (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (All versions), SINAMICS G130 V4.7 (All versions), SINAMICS G130 V4.7 SP1 (All versions), SINAMICS G130 V4.8 (All versions < V4.8 HF6), SINAMICS G130 V5.1 (All versions), SINAMICS G130 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (All versions), SINAMICS G150 V4.7 (All versions), SINAMICS G150 V4.7 SP1 (All versions), SINAMICS G150 V4.8 (All versions < V4.8 HF6), SINAMICS G150 V5.1 (All versions), SINAMICS G150 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (All versions), SINAMICS S120 V4.7 (All versions), SINAMICS S120 V4.7 SP1 (All versions), SINAMICS S120 V4.8 (All versions < V4.8 HF6), SINAMICS S120 V5.1 (All versions), SINAMICS S120 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (All versions), SINAMICS S150 V4.7 (All versions), SINAMICS S150 V4.7 SP1 (All versions), SINAMICS S150 V4.8 (All versions < V4.8 HF6), SINAMICS S150 V5.1 (All versions), SINAMICS S150 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (All versions), SINAMICS S210 V5.1 SP1 (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIAMTIC RF185C (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF186C (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (All versions), SINAMICS G130 V4.7 (All versions), SINAMICS G130 V4.7 SP1 (All versions), SINAMICS G130 V4.8 (All versions < V4.8 HF6), SINAMICS G130 V5.1 (All versions), SINAMICS G130 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (All versions), SINAMICS G150 V4.7 (All versions), SINAMICS G150 V4.7 SP1 (All versions), SINAMICS G150 V4.8 (All versions < V4.8 HF6), SINAMICS G150 V5.1 (All versions), SINAMICS G150 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (All versions), SINAMICS S120 V4.7 (All versions), SINAMICS S120 V4.7 SP1 (All versions), SINAMICS S120 V4.8 (All versions < V4.8 HF6), SINAMICS S120 V5.1 (All versions), SINAMICS S120 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (All versions), SINAMICS S150 V4.7 (All versions), SINAMICS S150 V4.7 SP1 (All versions), SINAMICS S150 V4.8 (All versions < V4.8 HF6), SINAMICS S150 V5.1 (All versions), SINAMICS S150 V5.1 SP1 (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (All versions), SINAMICS S210 V5.1 SP1 (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }

11
2019/6xxx/CVE-2019-6570.json
View File

@ -23,7 +23,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -44,8 +45,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
} }
] ]
}, },
@ -53,9 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }

11
2019/6xxx/CVE-2019-6575.json
View File

@ -183,7 +183,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -204,8 +205,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
} }
] ]
}, },
@ -213,9 +215,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions >= V2.5), SIMATIC S7-1500 Software Controller (All versions >= V2.5), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Comfort (All versions), SIMATIC WinCC Runtime HSP Comfort (All versions), SIMATIC WinCC Runtime Mobile (All versions), SINEC-NMS (All versions), SINEMA Server (All versions), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions >= V2.5), SIMATIC S7-1500 Software Controller (All versions >= V2.5), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Comfort (All versions), SIMATIC WinCC Runtime HSP Comfort (All versions), SIMATIC WinCC Runtime Mobile (All versions), SINEC-NMS (All versions), SINEMA Server (All versions), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }

13
2019/6xxx/CVE-2019-6579.json
View File

@ -15,7 +15,7 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Spectrum Power 4", "product_name": "Spectrum Power\u2122 4",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -23,7 +23,8 @@
} }
] ]
} }
} ] }
]
} }
} }
] ]
@ -44,8 +45,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf"
} }
] ]
}, },
@ -53,9 +55,8 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges.\n\nThe security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known." "value": "A vulnerability has been identified in Spectrum Power\u2122 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
} }
] ]
} }
} }