"-Synchronized-Data."

CVE Team 2023-07-11 10:00:39 +00:00
parent 212ced9721
commit 28138a582c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
60 changed files with 4119 additions and 272 deletions


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-24287",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-24287",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP 1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP 2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1188: Insecure Default Initialization of Resource",
"cweId": "CWE-1188"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,10 +36,22 @@
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V9.0 and earlier",
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -29,6 +62,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V9.1 SP1 UC01"
}
]
@ -39,6 +73,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
@ -49,27 +84,41 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V17 Upd4"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.4 and earlier",
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.4 SP 1 Update 21"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
{
"version_value": "All versions < V7.5 SP2 Update 8"
"version_affected": "=",
"version_value": "All versions < V7.5 SP 2 Update 8"
}
]
}
@ -80,33 +129,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1188: Insecure Default Initialization of Resource"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}
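Review bot: The new `version_data` entries pair `"version_affected": "="` with free-text ranges such as `"version_value": "All versions < V9.1 SP1 UC01"`, so a consumer that matches on the operator will treat the whole string as one exact version and never flag an affected build. Where there is an upper bound it belongs in the operator, e.g. `"version_affected": "<"` with `"version_value": "V9.1 SP1 UC01"`. The same pairing appears in the other file sections of this commit (the PROFINET, RUGGEDCOM ROX, SIMATIC Drive Controller, SiPass integrated and Simcenter STAR-CCM+ records). Until the records are changed, tooling fed from them should parse `version_value` as text instead of trusting `version_affected`.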


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L, SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, DI 16x24VDC, M12-L, SIMATIC ET200ecoPN, DI 8x24VDC, M12-L, SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L, SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler, SIMATIC PN/PN Coupler, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. 
SIPLUS variants), SINAMICS S150, SINAMICS S210, SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS HCS4200 CIM4210, SIPLUS HCS4200 CIM4210C, SIPLUS HCS4300 CIM4310, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
"value": "A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L, SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, DI 16x24VDC, M12-L, SIMATIC ET200ecoPN, DI 8x24VDC, M12-L, SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L, SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler, SIMATIC PN/PN Coupler, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. 
SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210, SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS HCS4200 CIM4210, SIPLUS HCS4200 CIM4210C, SIPLUS HCS4300 CIM4310, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
}
]
},
@ -424,6 +424,61 @@
]
}
},
{
"product_name": "SIMATIC S7-400 CPU 412-2 PN V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"version": {
@ -435,17 +490,6 @@
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)",
"version": {
@ -529,7 +573,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions with Ethernet interface"
"version_value": "All versions < V4.7.14 with Ethernet interface"
}
]
}
@ -540,7 +584,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions with Ethernet interface"
"version_value": "All versions < V4.7.14 with Ethernet interface"
}
]
}
@ -551,7 +595,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions with Ethernet interface"
"version_value": "All versions < V4.7.14 with Ethernet interface"
}
]
}
@ -562,7 +606,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.2 SP 3 HF 13"
"version_value": "All versions < V5.2.3.13"
}
]
}
@ -573,7 +617,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.2 SP 3 HF 13"
"version_value": "All versions < V5.2.3.13"
}
]
}
@ -595,7 +639,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.2 SP3 HF13"
"version_value": "All versions < V5.2.3.13"
}
]
}
@ -606,7 +650,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.2 SP 3 HF 13"
"version_value": "All versions < V5.2.3.13"
}
]
}
@ -753,6 +797,28 @@
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
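Review bot: The rewritten description still lists `SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L` twice in a row, which is either a plain duplicate or two distinct variants collapsed into one name. The `product_data` entries for these modules are outside the visible hunks, so this cannot be confirmed from here. Because several product names contain commas themselves, the comma-separated description cannot be split reliably, and matching should be done on `product_name` only. Separately, replacing `SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)` with per-CPU entries means asset inventories keyed on the old family name will stop matching this record, and the commit description does not mention that.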


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29561",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"baseScore": 3.7,
"baseSeverity": "LOW"
}
]
}


@ -36,12 +36,23 @@
"product": {
"product_data": [
{
"product_name": "SIMATIC Drive Controller family",
"product_name": "SIMATIC Drive Controller CPU 1504D TF",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.0.1"
"version_value": "All versions < V2.9.7"
}
]
}
},
{
"product_name": "SIMATIC Drive Controller CPU 1507D TF",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.9.7"
}
]
}
@ -133,7 +144,7 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -148,7 +159,7 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -163,11 +174,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -178,11 +189,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -197,11 +208,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -212,7 +223,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -223,7 +234,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -234,11 +245,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -253,7 +264,7 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -268,7 +279,7 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -283,11 +294,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -302,11 +313,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -317,7 +328,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -332,11 +343,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -351,11 +362,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -366,7 +377,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -377,7 +388,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -388,7 +399,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -403,11 +414,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -422,11 +433,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -591,7 +602,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -602,7 +613,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -613,7 +624,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -624,7 +635,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -635,7 +646,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -646,7 +657,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -811,7 +822,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < VX.17 Update 5"
"version_value": "All versions < V17 Update 5"
}
]
}
@ -855,7 +866,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -866,7 +877,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -877,11 +888,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -892,11 +903,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -911,11 +922,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -926,11 +937,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -941,11 +952,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -956,11 +967,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -975,19 +986,19 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -998,11 +1009,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1013,11 +1024,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1032,11 +1043,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1051,19 +1062,19 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1078,11 +1089,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1093,11 +1104,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1108,7 +1119,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1119,7 +1130,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1130,7 +1141,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1141,7 +1152,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1160,19 +1171,19 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1183,7 +1194,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1194,7 +1205,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1209,11 +1220,11 @@
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
@ -1224,11 +1235,11 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
},
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V2.9.7"
}
]
}
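Review bot: Several `version_data` arrays now hold two or four byte-identical entries (`"version_affected": "="`, `"version_value": "All versions < V2.9.7"`), for example in the hunks at -163, -178 and -975. Identical entries carry no information; presumably each stood for a separate hardware variant whose distinguishing attribute was not exported, so a reader cannot tell whether every variant really shares the V2.9.7 fix level. Either collapse each array to a single entry or carry the variant identifier in `product_name`. The product names that own these arrays lie outside the hunks, so which products are affected cannot be confirmed from this view.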


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.\r\n\r\nThis could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiPass integrated",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.90.3.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-924149.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}
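Review bot: The `problemtype` is `CWE-20: Improper Input Validation`, while the new description states that the flaw results in a stack-based buffer overflow, so triage or detection rules keyed on memory-corruption CWE ids will not match this record. If the assigner agrees, a more specific classification would be `"value": "CWE-121: Stack-based Buffer Overflow"` with `"cweId": "CWE-121"`, possibly as a second `description` entry next to CWE-20. The description also uses `\r\n\r\n` paragraph breaks where the PROFINET record in this commit uses `\n\n`; a single convention would keep downstream rendering and text diffing consistent.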


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-43517",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43517",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Simcenter STAR-CCM+ (All versions < V2306). The affected application improperly assigns file permissions to installation folders.\r\n\r\nThis could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,7 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_affected": "=",
"version_value": "All versions < V2306"
}
]
}
@ -30,33 +52,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Simcenter STAR-CCM+ (All versions). The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-930100.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-930100.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}
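Review bot: The added `vectorString` ends in the temporal metrics `E:P/RL:O/RC:C`, but the `cvss` object carries only `baseScore` and `baseSeverity`, so a consumer that recomputes a score from the full vector gets a temporal value lower than the stored 7.8. Either keep the base vector alone, `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"`, or add a `temporalScore` next to it so the vector and the scores describe the same thing. The other Siemens records in this commit carry the same suffix, including CVE-2022-31810 above and the CVE-2023-29130, CVE-2023-29131, CVE-2023-35920, CVE-2023-35921, CVE-2023-36386, CVE-2023-36389, CVE-2023-36390, CVE-2023-36521 and CVE-2023-36748 sections below.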


@ -87,8 +87,8 @@
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C",
"baseScore": 9.9,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29130",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC CN 4100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}
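Review bot: The description says only that "An attacker could gain admin access", while the vector on the same record sets `AV:N` and `PR:L`, so the text leaves out that the attacker needs network reach and some existing low level of privilege. Stating that precondition in the description `value` helps triage, because many consumers display the description without the vector. The CVE-2023-29131 section that follows has the same gap: its vector is also `PR:L`, and its description names neither the attacker's starting position nor which SSH default is incorrect.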


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC CN 4100",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-313488.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 7.4,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-35920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted IP packets sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC MV540 H",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV540 S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV550 H",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV550 S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV560 U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV560 X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-35921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). Affected devices cannot properly process specially crafted Ethernet frames sent to the devices. This could allow an unauthenticated remote attacker to cause a denial of service condition. The affected devices must be restarted manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC MV540 H",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV540 S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV550 H",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV550 S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV560 U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV560 X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
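Review bot: The description value has a hard line break in the middle of a sentence, `throwing an\r\n\u201cinvalid params element name\u201d error`, which looks like wrap residue from the source advisory rather than an intended paragraph break. Renderers that honour `\r\n` will split the sentence, and text matching on the quoted error string across records becomes unreliable. Replacing that `\r\n` with a single space would fix it. The same stray break appears in the CVE-2023-36389, CVE-2023-36390, CVE-2023-36521 and CVE-2023-36748 descriptions.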


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3.4), SIMATIC MV540 S (All versions < V3.3.4), SIMATIC MV550 H (All versions < V3.3.4), SIMATIC MV550 S (All versions < V3.3.4), SIMATIC MV560 U (All versions < V3.3.4), SIMATIC MV560 X (All versions < V3.3.4). The result synchronization server of the affected products contains a\r\nvulnerability that may lead to a denial of service condition. An attacker may\r\ncause a denial of service situation of all socket-based communication of the\r\naffected products if the result server is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC MV540 H",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV540 S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV550 H",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV550 S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV560 U",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
},
{
"product_name": "SIMATIC MV560 X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.3.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-561322.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 8.6,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <=\u00a01.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Alain Gonzalez",
"product": {
"product_data": [
{
"product_name": "WP RSS Images",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wp-rss-images/wordpress-wp-rss-images-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wp-rss-images/wordpress-wp-rss-images-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "LEE SE HYOUNG (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}
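Review bot: The `credits` entry uses `"lang": "en"` while `description_data` and `problemtype_data` in the same record use `"lang": "eng"`, so a consumer filtering on one language code will drop either the credit or the description. Using `"lang": "eng"` in `credits` would make the record consistent. The description also does not say which plugin action the forged request triggers, which makes the `I:L` rating hard to verify from the record alone.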


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-326: Inadequate Encryption Strength",
"cweId": "CWE-326"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
}
]
}
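Review bot: The description states that a man-in-the-middle attacker can "read and modify any data" passed to and from the device, but the vector on the same record rates confidentiality as `C:L` next to `I:H`. If reading all traffic is really possible, `C:H` would match the text; if only partial disclosure is expected, the description should say so. Either correction changes the wording or the stored 5.9 score, so the two should be checked against the advisory linked under `references` before consumers rely on either.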


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"cweId": "CWE-327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 7.4,
"baseSeverity": "HIGH"
}
]
}
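Review bot: Every `version_data` entry in this record pairs `"version_affected": "="` with the free-text range `"All versions < V2.16.0"`, so a consumer that honours the operator will look for a version literally equal to that string and match no installed firmware. The range would be machine-readable as `"version_affected": "<"` with `"version_value": "V2.16.0"`. If the text has to stay as the CNA supplied it, scanner and asset-matching rules should be checked to parse the bound out of `version_value` rather than trusting `=`. The same pairing appears in the CVE-2023-36750 to CVE-2023-36755 sections and, with `V2201.0008` and `V2302.0002`, in the CVE-2023-37246, CVE-2023-37247, CVE-2023-37248 and CVE-2023-37374 sections.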


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,183 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0002"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0002"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0002"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37374",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0002"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0002"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0002"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-764801.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <=\u00a03.4.1 versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WPMobilePack.com",
"product": {
"product_data": [
{
"product_name": "WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "3.4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "LEE SE HYOUNG (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}
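Review bot: The record classifies the issue as CSRF (`"cweId": "CWE-352"` and the description text), but its only reference URL is titled `...plugin-3-4-1-broken-access-control-vulnerability`, so the weakness class is ambiguous to anyone triaging from this file alone; which of the two is correct cannot be determined from the page, and the assigner should align them or add a second `problemtype` entry if both apply. Separately, `credits[0]` uses `"lang": "en"` while every other language tag in the record is `"eng"`; I would change it to `"lang": "eng"` so consumers filtering by language do not drop the credit. The vendor name is also spelled `WPMobilePack.com` in `vendor_name` and `WPMobilePack.Com` in the description, which can split the vendor into two entries in tooling that keys on the string.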


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37941",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37942",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37945",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37948",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37950",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37951",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37952",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37954",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37955",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37959",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37961",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37962",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37963",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37965",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3614",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3615",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}