From 212b0d66b51b64b956cd7cc3b1bb12e022f47fe7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 17 Dec 2018 16:12:09 -0500
Subject: [PATCH] - Added submission from Schneider Electric for SEVD-2018-327-01 from 2018-12-13.
---
2018/7xxx/CVE-2018-7797.json | 66 ++++++++++++++++++++++++++++++++++--
2018/7xxx/CVE-2018-7804.json | 48 ++++++++++++++++++++++++--
2018/7xxx/CVE-2018-7812.json | 48 ++++++++++++++++++++++++--
2018/7xxx/CVE-2018-7833.json | 48 ++++++++++++++++++++++++--
4 files changed, 198 insertions(+), 12 deletions(-)
diff --git a/2018/7xxx/CVE-2018-7797.json b/2018/7xxx/CVE-2018-7797.json
index 2ed25b068c8..8fe5b48ca85 100644
--- a/2018/7xxx/CVE-2018-7797.json
+++ b/2018/7xxx/CVE-2018-7797.json
@@ -1,8 +1,49 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "cybersecurity@se.com",
 "ID" : "CVE-2018-7797",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "EcoStruxureª"
+ },
+ {
+ "version_value" : "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª"
+ },
+ {
+ "version_value" : "Energy Expert 1.3 (formerly Power Manager), EcoStruxureª"
+ },
+ {
+ "version_value" : "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª"
+ },
+ {
+ "version_value" : "Power Monitoring Expert (PME) v9.0, EcoStruxureª"
+ },
+ {
+ "version_value" : "Energy Expert v2.0, and EcoStruxureª"
+ },
+ {
+ "version_value" : "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Schneider Electric SE"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
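Review bot: The seven `version_value` entries added for CVE-2018-7797 are fragments of the product list rather than versions; the text appears to have been split at each `ª`, leaving values such as `"version_value" : "EcoStruxureª"` and `"version_value" : "Energy Expert v2.0, and EcoStruxureª"`. Tools that match an asset inventory against `product_name` and `version_value` will not find 8.2, 1.3, 9.0 or 2.0 under the product they belong to. The `ª` itself looks like a mis-decoded trademark sign; it also appears in `product_name` and in this file's description hunk, and CVE-2018-7804's description has a similar `attackerÕs`. I would give each product its own `product_data` entry, for example `"product_name" : "EcoStruxure Power Monitoring Expert (PME)"` with `"version_value" : "8.2 (all editions)"`, and correct the encoding before publishing.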
@@ -11,7 +52,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "URL redirection"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7804.json b/2018/7xxx/CVE-2018-7804.json
index 09ccca0d99e..c799e5f386d 100644
--- a/2018/7xxx/CVE-2018-7804.json
+++ b/2018/7xxx/CVE-2018-7804.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "cybersecurity@se.com",
 "ID" : "CVE-2018-7804",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Schneider Electric SE"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
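Review bot: The reference added for CVE-2018-7797 points to `SEVD-2018-347-01`, while the commit subject and the references in the other three files name SEVD-2018-327-01. Both may be correct if the submission covers two advisories, but it should be checked against the vendor notice, because a wrong advisory id could send responders to remediation guidance for a different product. If the URL is right, the commit subject should list both advisory ids.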
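Review bot: In the `affects` block of CVE-2018-7804 the `version_value` repeats the `product_name` string verbatim, so the record names no version or range; the first hunks of CVE-2018-7812 and CVE-2018-7833 have the same pattern. The description says all of these PLCs are affected, and if that is the intent the field should say so, for example `"version_value" : "all versions"`, with `product_name` reduced to the product itself. Listing M340, Premium, Quantum and BMXNOR0200 as separate `product_data` entries would also let consumers match each product individually.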
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attackerÕs choosing."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "URL Redirection to Untrusted Site"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7812.json b/2018/7xxx/CVE-2018-7812.json
index 7e2f4fd0128..0807e06390c 100644
--- a/2018/7xxx/CVE-2018-7812.json
+++ b/2018/7xxx/CVE-2018-7812.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "cybersecurity@se.com",
 "ID" : "CVE-2018-7812",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Schneider Electric SE"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
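Review bot: The `problemtype` value added for CVE-2018-7804 is free text with no CWE identifier, so consumers that classify or filter by CWE have to string-match it; the description hunks of CVE-2018-7797, CVE-2018-7812 and CVE-2018-7833 do the same. The wording here is the name of CWE-601, so the value could read `"value" : "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"`. CVE-2018-7797 labels what appears to be the same weakness as `URL redirection`; one spelling for both would keep the two records comparable. The other two values look like the names of CWE-203 and CWE-754, which should be confirmed against the advisory before being added.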
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Information Exposure Through Discrepancy"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7833.json b/2018/7xxx/CVE-2018-7833.json
index 698dcd0ce93..b4dccac580c 100644
--- a/2018/7xxx/CVE-2018-7833.json
+++ b/2018/7xxx/CVE-2018-7833.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "cybersecurity@se.com",
 "ID" : "CVE-2018-7833",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Schneider Electric SE"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable"
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Improper Check for Unusual or Exceptional Conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
 }
 ]
 }