admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from Schneider Electric for SEVD-2018-327-01 from 2018-12-13.

Browse Source
This commit is contained in:
CVE Team 2018-12-17 16:12:09 -05:00
parent 45feeb5ff6
commit 212b0d66b5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 198 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2018/7xxx/CVE-2018-7797.json
View File

@ -1,8 +1,49 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7797",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module",
"version" : {
"version_data" : [
{
"version_value" : "EcoStruxure&#xaa"
},
{
"version_value" : "Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure&#xaa"
},
{
"version_value" : "Energy Expert 1.3 (formerly Power Manager), EcoStruxure&#xaa"
},
{
"version_value" : "Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure&#xaa"
},
{
"version_value" : "Power Monitoring Expert (PME) v9.0, EcoStruxure&#xaa"
},
{
"version_value" : "Energy Expert v2.0, and EcoStruxure&#xaa"
},
{
"version_value" : "Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +52,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxureª Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxureª Energy Expert 1.3 (formerly Power Manager), EcoStruxureª Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxureª Power Monitoring Expert (PME) v9.0, EcoStruxureª Energy Expert v2.0, and EcoStruxureªPower SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "URL redirection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-347-01/"
}
]
}

48
2018/7xxx/CVE-2018-7804.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7804",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
"version" : {
"version_data" : [
{
"version_value" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attackerÕs choosing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "URL Redirection to Untrusted Site"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
}
]
}

48
2018/7xxx/CVE-2018-7812.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7812",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
"version" : {
"version_data" : [
{
"version_value" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through Discrepancy"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
}
]
}

48
2018/7xxx/CVE-2018-7833.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7833",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200",
"version" : {
"version_data" : [
{
"version_value" : "Embedded Web Servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01/"
}
]
}