From b185618752aa6cc5abf9a122b2a9189aa421d2d6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 20 Mar 2018 11:27:12 -0400
Subject: [PATCH] - Added submissions from ICS-CERT from 2018-03-19.
---
 2017/14xxx/CVE-2017-14002.json | 49 ++++++++++++++++++++++++++++++--
 2017/14xxx/CVE-2017-14004.json | 49 ++++++++++++++++++++++++++++++--
 2017/14xxx/CVE-2017-14006.json | 49 ++++++++++++++++++++++++++++++--
 2017/14xxx/CVE-2017-14008.json | 49 ++++++++++++++++++++++++++++++--
 2018/7xxx/CVE-2018-7511.json | 52 ++++++++++++++++++++++++++++++++--
 5 files changed, 233 insertions(+), 15 deletions(-)
diff --git a/2017/14xxx/CVE-2017-14002.json b/2017/14xxx/CVE-2017-14002.json
index 8c3ba8167a5..641975d9f56 100644
--- a/2017/14xxx/CVE-2017-14002.json
+++ b/2017/14xxx/CVE-2017-14002.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC" : "2018-03-13T00:00:00",
 "ID" : "CVE-2017-14002",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "GE Infinia",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "GE Healthcare"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
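Review bot: The `affects` block lists only `"product_name" : "GE Infinia"`, while the description added in the next hunk of this file names "GE Infinia/Infinia with Hawkeye 4", so a consumer that matches on `product_name` would not flag the Hawkeye 4 variant. Consider a second `product_data` entry for that variant, or a `product_name` that agrees with the description. `"version_value" : "All"` is free text rather than a version; the same value is added in the CVE-2017-14004 and CVE-2017-14008 sections, and tooling that compares versions has to special-case it.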
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "IMPROPER AUTHENTICATION CWE-287 The affected devices use default or hard-coded credentials."
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14004.json b/2017/14xxx/CVE-2017-14004.json
index 323e7d1665f..a4a18b5f4f0 100644
--- a/2017/14xxx/CVE-2017-14004.json
+++ b/2017/14xxx/CVE-2017-14004.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC" : "2018-03-13T00:00:00",
 "ID" : "CVE-2017-14004",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "GE GEMNet License server aka. (EchoServer)",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "GE Healthcare"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
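Review bot: The `problemtype` value `"IMPROPER AUTHENTICATION CWE-287 The affected devices use default or hard-coded credentials."` mixes the CWE label with a sentence of description, and CWE-287 is broader than what the text describes. CWE-798 (Use of Hard-coded Credentials) looks like the closer fit, to be confirmed against the referenced advisory; a value such as `"CWE-798 Use of Hard-coded Credentials"` would let consumers classify the record without parsing prose. The same string is added in the CVE-2017-14004, CVE-2017-14006 and CVE-2017-14008 sections. The description in this hunk is also a run-on ("all current versions are affected these devices use ...") and would read better as two sentences.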
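Review bot: `"product_name" : "GE GEMNet License server aka. (EchoServer)"` puts an alias marker and stray punctuation into the product name, which makes exact-match lookups against an asset inventory unreliable. The description in this file's second hunk writes the product as "GE GEMNet License server (EchoServer)". Using one form in both places, for example `"product_name" : "GE GEMNet License server (EchoServer)"`, would keep the record consistent.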
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "IMPROPER AUTHENTICATION CWE-287 The affected devices use default or hard-coded credentials."
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14006.json b/2017/14xxx/CVE-2017-14006.json
index c1b4f9b652d..dd22b96f20c 100644
--- a/2017/14xxx/CVE-2017-14006.json
+++ b/2017/14xxx/CVE-2017-14006.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC" : "2018-03-13T00:00:00",
 "ID" : "CVE-2017-14006",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "GE Xeleris",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "1.0,1.1,2.1,3.0,3.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "GE Healthcare"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
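Review bot: `"version_value" : "1.0,1.1,2.1,3.0,3.1"` packs five versions into a single string, so a consumer comparing `version_value` against an installed version will not match any of them. `version_data` is already an array; one object per release (`{ "version_value" : "1.0" }`, `{ "version_value" : "1.1" }`, and so on) would make each affected version matchable. The description in this file's next hunk lists these versions and also says "all current versions are affected", which leaves it unclear whether releases outside the list are in scope.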
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "IMPROPER AUTHENTICATION CWE-287 The affected devices use default or hard-coded credentials."
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14008.json b/2017/14xxx/CVE-2017-14008.json
index 00d0fa190b2..54bed9c3fe2 100644
--- a/2017/14xxx/CVE-2017-14008.json
+++ b/2017/14xxx/CVE-2017-14008.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC" : "2018-03-13T00:00:00",
 "ID" : "CVE-2017-14008",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "GE Centricity PACS RA1000",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "All"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "GE Healthcare"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +35,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials.Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "IMPROPER AUTHENTICATION CWE-287 The affected devices use default or hard-coded credentials."
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7511.json b/2018/7xxx/CVE-2018-7511.json
index e719c500449..ef33415825f 100644
--- a/2018/7xxx/CVE-2018-7511.json
+++ b/2018/7xxx/CVE-2018-7511.json
@@ -1,8 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC" : "2018-03-06T00:00:00",
 "ID" : "CVE-2018-7511",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Eaton ELCSoft",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "2.04.02 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Eaton"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
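Review bot: The added description reads `credentials.Successful` with no space after the full stop, and its first sentence is a run-on ("all current versions are affected these devices use ..."). This string is what downstream feeds display, so the intended text is presumably `...hard-coded credentials. Successful exploitation...`. The other GE descriptions in this patch already have the space, which makes this one look like a paste slip.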
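Review bot: `"version_value" : "2.04.02 and prior"` encodes a range as prose inside the version string, so an exact-match consumer will only flag an installation that reports that literal text. If the record format in use offers a structured way to say "this version and earlier", prefer it and keep `version_value` as the bare `2.04.02`. Otherwise downstream tooling has to parse the "and prior" suffix to identify affected installs.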
@@ -11,7 +35,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "There are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "IMPROPER INPUT VALIDATION CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-065-03"
+ },
+ {
+ "url" : "http://www.eaton.com/ecm/idcplg?IdcService=GET_FILE&allowInterrupt=1&RevisionSelectionMethod=LatestReleased&noSaveAs=0&Rendition=Primary&dDocName=PCT_3313148"
 }
 ]
 }
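Review bot: The added description never names the product or version ("There are multiple cases where specially crafted files could cause a buffer overflow ..."), so a reader who sees only the description cannot tell that it concerns Eaton ELCSoft 2.04.02 and prior from this file's `affects` block. Prefixing it, for example `"value" : "In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where ..."`, would fix that. `"IMPROPER INPUT VALIDATION CWE-20"` is also broad for a buffer overflow; a memory-safety CWE such as CWE-119 may be a closer fit if the advisory supports it. The second reference is an `http://` link, so use the `https://` form if the vendor serves the document that way.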