diff --git a/2022/2xxx/CVE-2022-2988.json b/2022/2xxx/CVE-2022-2988.json
index 174cd15e999..6a09e35a4e3 100644
--- a/2022/2xxx/CVE-2022-2988.json
+++ b/2022/2xxx/CVE-2022-2988.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cybersecurity@se.com",
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
 "ID": "CVE-2022-2988",
 "STATE": "PUBLIC"
 },
@@ -23,7 +23,7 @@
 }
 },
 {
- "product_name": "EcoStruxure Machine Expert – HVAC",
+ "product_name": "EcoStruxure Machine Expert \u2013 HVAC",
 "version": {
 "version_data": [
 {
@@ -48,7 +48,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0)"
+ "value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert \u2013 HVAC (Versions prior to V1.4.0)"
 }
 ]
 },
@@ -86,8 +86,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-01_EcoStruxure_Machine_Expert_Machine_HVAC_Security_Notification.pdf"
+ "refsource": "MISC",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-01_EcoStruxure_Machine_Expert_Machine_HVAC_Security_Notification.pdf",
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-01_EcoStruxure_Machine_Expert_Machine_HVAC_Security_Notification.pdf"
 }
 ]
 },
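Review bot: The references hunk relabels the Schneider Electric security notification from `"refsource": "CONFIRM"` to `"refsource": "MISC"`, which removes the visible marker that this link is the vendor's own confirmation of the issue. Consumers that filter or prioritise on CONFIRM will presumably stop treating SEVD-2023-010-01 as vendor-acknowledged; if the relabel is a tooling normalisation rather than an intentional change, keeping `"refsource": "CONFIRM"` preserves that signal. The added `"name"` repeats the URL verbatim, so a short title such as the SEVD identifier would be more useful to readers. The same relabel appears in the references hunks of CVE-2022-45788, CVE-2022-45789, CVE-2023-22610 and CVE-2023-22611.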
diff --git a/2022/45xxx/CVE-2022-45788.json b/2022/45xxx/CVE-2022-45788.json
index 56e303bef19..f2878a7beee 100644
--- a/2022/45xxx/CVE-2022-45788.json
+++ b/2022/45xxx/CVE-2022-45788.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cybersecurity@se.com",
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
 "ID": "CVE-2022-45788",
 "STATE": "PUBLIC"
 },
@@ -11,7 +11,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "EcoStruxure™ Control Expert ",
+ "product_name": "EcoStruxure\u2122 Control Expert ",
 "version": {
 "version_data": [
 {
@@ -22,7 +22,7 @@
 }
 },
 {
- "product_name": "EcoStruxure™ Process Expert",
+ "product_name": "EcoStruxure\u2122 Process Expert",
 "version": {
 "version_data": [
 {
@@ -113,7 +113,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)"
+ "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure\u2122 Control Expert (All Versions), EcoStruxure\u2122 Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)"
 }
 ]
 },
@@ -151,8 +151,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
+ "refsource": "MISC",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf",
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
 }
 ]
 },
diff --git a/2022/45xxx/CVE-2022-45789.json b/2022/45xxx/CVE-2022-45789.json
index b1c61ee0368..eef56ff7e8d 100644
--- a/2022/45xxx/CVE-2022-45789.json
+++ b/2022/45xxx/CVE-2022-45789.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cybersecurity@se.com",
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
 "ID": "CVE-2022-45789",
 "STATE": "PUBLIC"
 },
@@ -11,7 +11,7 @@
 "product": {
 "product_data": [
 {
- "product_name": "EcoStruxure™ Control Expert ",
+ "product_name": "EcoStruxure\u2122 Control Expert ",
 "version": {
 "version_data": [
 {
@@ -22,7 +22,7 @@
 }
 },
 {
- "product_name": "EcoStruxure™ Process Expert",
+ "product_name": "EcoStruxure\u2122 Process Expert",
 "version": {
 "version_data": [
 {
@@ -80,7 +80,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)"
+ "value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure\u2122 Control Expert (All Versions), EcoStruxure\u2122 Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)"
 }
 ]
 },
@@ -118,8 +118,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
+ "refsource": "MISC",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf",
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
 }
 ]
 },
diff --git a/2022/47xxx/CVE-2022-47132.json b/2022/47xxx/CVE-2022-47132.json
index c3d92d29fdb..e823a76a994 100644
--- a/2022/47xxx/CVE-2022-47132.json
+++ b/2022/47xxx/CVE-2022-47132.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-47132",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-47132",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portswigger.net/web-security/csrf",
+ "refsource": "MISC",
+ "name": "https://portswigger.net/web-security/csrf"
+ },
+ {
+ "url": "https://www.linkedin.com/in/xvinicius/",
+ "refsource": "MISC",
+ "name": "https://www.linkedin.com/in/xvinicius/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://xpsec.co/blog/academy-lms-5-10-add-admin-csrf",
+ "url": "https://xpsec.co/blog/academy-lms-5-10-add-admin-csrf"
 }
 ]
 }
diff --git a/2022/48xxx/CVE-2022-48021.json b/2022/48xxx/CVE-2022-48021.json
index d6e0de511ff..e06d17a0d4f 100644
--- a/2022/48xxx/CVE-2022-48021.json
+++ b/2022/48xxx/CVE-2022-48021.json
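Review bot: The published CVE-2022-47132 record leaves `vendor_name`, `product_name`, `version_value` and the problemtype `value` at `"n/a"` even though the description names Academy LMS before v5.10 and a CSRF weakness, so tooling that matches on structured fields cannot tie this record to the product. Suggest `"product_name": "Academy LMS"`, `"version_value": "before v5.10"` and a problemtype of `"CWE-352 Cross-Site Request Forgery (CSRF)"`. Two of the three references (a generic PortSwigger CSRF page and a LinkedIn profile) do not describe this issue; the xpsec.co post appears to be the only issue-specific source. The Zammad records CVE-2022-48021, CVE-2022-48022 and CVE-2022-48023 have the same `"n/a"` affects and problemtype fields although their descriptions name Zammad v5.3.0, and CVE-2022-48023 states the fix version v5.3.1 only in prose.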
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-48021",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-48021",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://zammad.com/de/advisories/zaa-2022-11",
+ "refsource": "MISC",
+ "name": "https://zammad.com/de/advisories/zaa-2022-11"
 }
 ]
 }
diff --git a/2022/48xxx/CVE-2022-48022.json b/2022/48xxx/CVE-2022-48022.json
index 61fea0f4359..c14a37b013e 100644
--- a/2022/48xxx/CVE-2022-48022.json
+++ b/2022/48xxx/CVE-2022-48022.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-48022",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-48022",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://zammad.com/de/advisories/zaa-2022-13",
+ "refsource": "MISC",
+ "name": "https://zammad.com/de/advisories/zaa-2022-13"
 }
 ]
 }
diff --git a/2022/48xxx/CVE-2022-48023.json b/2022/48xxx/CVE-2022-48023.json
index 70b32a3b5f9..7d13954670d 100644
--- a/2022/48xxx/CVE-2022-48023.json
+++ b/2022/48xxx/CVE-2022-48023.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-48023",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-48023",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://zammad.com/de/advisories/zaa-2022-12",
+ "refsource": "MISC",
+ "name": "https://zammad.com/de/advisories/zaa-2022-12"
 }
 ]
 }
diff --git a/2023/22xxx/CVE-2023-22610.json b/2023/22xxx/CVE-2023-22610.json
index 14c0a79ffcb..a2c330af528 100644
--- a/2023/22xxx/CVE-2023-22610.json
+++ b/2023/22xxx/CVE-2023-22610.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cybersecurity@se.com",
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
 "ID": "CVE-2023-22610",
 "STATE": "PUBLIC"
 },
@@ -74,8 +74,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
+ "refsource": "MISC",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf",
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
 }
 ]
 },
diff --git a/2023/22xxx/CVE-2023-22611.json b/2023/22xxx/CVE-2023-22611.json
index de65bd23fad..db326505aec 100644
--- a/2023/22xxx/CVE-2023-22611.json
+++ b/2023/22xxx/CVE-2023-22611.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cybersecurity@se.com",
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
 "ID": "CVE-2023-22611",
 "STATE": "PUBLIC"
 },
@@ -74,8 +74,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
+ "refsource": "MISC",
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf",
+ "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
 }
 ]
 },