From 2bde95bc146e5f89f8757688235f4c71b2abeb64 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 14 May 2024 11:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19300.json | 177 ++++++++------ 2022/24xxx/CVE-2022-24309.json | 82 ++++--- 2022/25xxx/CVE-2022-25622.json | 134 ++++++----- 2022/38xxx/CVE-2022-38371.json | 73 +++--- 2022/45xxx/CVE-2022-45044.json | 34 +-- 2023/25xxx/CVE-2023-25910.json | 4 +- 2023/28xxx/CVE-2023-28766.json | 8 +- 2023/28xxx/CVE-2023-28831.json | 2 +- 2023/46xxx/CVE-2023-46156.json | 9 +- 2023/46xxx/CVE-2023-46280.json | 412 ++++++++++++++++++++++++++++++++- 2023/46xxx/CVE-2023-46281.json | 13 +- 2023/46xxx/CVE-2023-46282.json | 13 +- 2023/46xxx/CVE-2023-46283.json | 13 +- 2023/46xxx/CVE-2023-46284.json | 13 +- 2023/46xxx/CVE-2023-46285.json | 13 +- 2023/49xxx/CVE-2023-49125.json | 20 +- 2023/50xxx/CVE-2023-50236.json | 7 +- 2024/1xxx/CVE-2024-1023.json | 31 +-- 2024/1xxx/CVE-2024-1300.json | 31 +-- 2024/22xxx/CVE-2024-22039.json | 167 ++++++++++++- 2024/22xxx/CVE-2024-22040.json | 187 ++++++++++++++- 2024/22xxx/CVE-2024-22041.json | 187 ++++++++++++++- 2024/23xxx/CVE-2024-23813.json | 7 +- 2024/27xxx/CVE-2024-27939.json | 65 +++++- 2024/27xxx/CVE-2024-27940.json | 65 +++++- 2024/27xxx/CVE-2024-27941.json | 65 +++++- 2024/27xxx/CVE-2024-27942.json | 65 +++++- 2024/27xxx/CVE-2024-27943.json | 65 +++++- 2024/27xxx/CVE-2024-27944.json | 65 +++++- 2024/27xxx/CVE-2024-27945.json | 65 +++++- 2024/27xxx/CVE-2024-27946.json | 65 +++++- 2024/27xxx/CVE-2024-27947.json | 65 +++++- 2024/30xxx/CVE-2024-30206.json | 65 +++++- 2024/30xxx/CVE-2024-30207.json | 65 +++++- 2024/30xxx/CVE-2024-30208.json | 65 +++++- 2024/30xxx/CVE-2024-30209.json | 65 +++++- 2024/31xxx/CVE-2024-31484.json | 77 +++++- 2024/31xxx/CVE-2024-31485.json | 77 +++++- 2024/31xxx/CVE-2024-31486.json | 65 +++++- 2024/31xxx/CVE-2024-31980.json | 89 ++++++- 2024/32xxx/CVE-2024-32055.json | 65 +++++- 2024/32xxx/CVE-2024-32057.json | 65 +++++- 2024/32xxx/CVE-2024-32058.json | 65 +++++- 2024/32xxx/CVE-2024-32059.json | 65 +++++- 2024/32xxx/CVE-2024-32060.json | 65 +++++- 2024/32xxx/CVE-2024-32061.json | 65 +++++- 2024/32xxx/CVE-2024-32062.json | 65 +++++- 2024/32xxx/CVE-2024-32063.json | 65 +++++- 2024/32xxx/CVE-2024-32064.json | 65 +++++- 2024/32xxx/CVE-2024-32065.json | 65 +++++- 2024/32xxx/CVE-2024-32066.json | 65 +++++- 2024/32xxx/CVE-2024-32077.json | 78 ++++++- 2024/32xxx/CVE-2024-32635.json | 89 ++++++- 2024/32xxx/CVE-2024-32636.json | 89 ++++++- 2024/32xxx/CVE-2024-32637.json | 89 ++++++- 2024/32xxx/CVE-2024-32639.json | 65 +++++- 2024/32xxx/CVE-2024-32740.json | 65 +++++- 2024/32xxx/CVE-2024-32741.json | 65 +++++- 2024/32xxx/CVE-2024-32742.json | 65 +++++- 2024/33xxx/CVE-2024-33489.json | 65 +++++- 2024/33xxx/CVE-2024-33490.json | 65 +++++- 2024/33xxx/CVE-2024-33491.json | 65 +++++- 2024/33xxx/CVE-2024-33492.json | 65 +++++- 2024/33xxx/CVE-2024-33493.json | 65 +++++- 2024/33xxx/CVE-2024-33494.json | 65 +++++- 2024/33xxx/CVE-2024-33495.json | 65 +++++- 2024/33xxx/CVE-2024-33496.json | 65 +++++- 2024/33xxx/CVE-2024-33497.json | 65 +++++- 2024/33xxx/CVE-2024-33498.json | 65 +++++- 2024/33xxx/CVE-2024-33499.json | 65 +++++- 2024/33xxx/CVE-2024-33577.json | 89 ++++++- 2024/33xxx/CVE-2024-33583.json | 65 +++++- 2024/33xxx/CVE-2024-33647.json | 65 +++++- 2024/34xxx/CVE-2024-34085.json | 113 ++++++++- 2024/34xxx/CVE-2024-34086.json | 113 ++++++++- 2024/34xxx/CVE-2024-34771.json | 65 +++++- 2024/34xxx/CVE-2024-34772.json | 65 +++++- 2024/34xxx/CVE-2024-34773.json | 65 +++++- 2024/4xxx/CVE-2024-4862.json | 18 ++ 2024/4xxx/CVE-2024-4863.json | 18 ++ 80 files changed, 4955 insertions(+), 546 deletions(-) create mode 100644 2024/4xxx/CVE-2024-4862.json create mode 100644 2024/4xxx/CVE-2024-4863.json diff --git a/2019/19xxx/CVE-2019-19300.json b/2019/19xxx/CVE-2019-19300.json index 19a7acde51d..8a734bc3b60 100644 --- a/2019/19xxx/CVE-2019-19300.json +++ b/2019/19xxx/CVE-2019-19300.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions), SIMATIC S7-300 CPU 315-2 PN/DP (All versions), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317-2 PN/DP (All versions), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions), SIMATIC S7-300 CPU 319-3 PN/DP (All versions), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions), SIPLUS NET PN/PN Coupler (All versions >= V4.2), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions), SIPLUS S7-300 CPU 315-2 PN/DP (All versions), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions), SIPLUS S7-300 CPU 317-2 PN/DP (All versions), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service." } ] }, @@ -106,8 +106,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -117,8 +118,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -128,8 +130,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -139,8 +142,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -150,8 +154,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -161,8 +166,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V2.0" + "version_affected": "<", + "version_name": "0", + "version_value": "V2.0" } ] } @@ -172,8 +178,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V2.0" + "version_affected": "<", + "version_name": "0", + "version_value": "V2.0" } ] } @@ -194,8 +201,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -231,8 +239,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -242,8 +251,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -253,8 +263,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.3" } ] } @@ -264,8 +275,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -275,8 +287,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -418,8 +431,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -429,8 +443,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -440,8 +455,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -451,8 +467,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -462,8 +479,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -473,8 +491,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -484,8 +503,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -495,8 +515,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -506,8 +527,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -517,8 +539,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -550,8 +573,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -561,8 +585,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -572,8 +597,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -583,8 +609,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -627,8 +654,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -638,8 +666,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -660,8 +689,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -671,8 +701,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -682,8 +713,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -693,8 +725,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -704,8 +737,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -722,6 +756,11 @@ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html" } ] }, diff --git a/2022/24xxx/CVE-2022-24309.json b/2022/24xxx/CVE-2022-24309.json index bdda76a0250..59c5bd1e0df 100644 --- a/2022/24xxx/CVE-2022-24309.json +++ b/2022/24xxx/CVE-2022-24309.json @@ -1,12 +1,33 @@ { - "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", - "ID": "CVE-2022-24309", - "STATE": "PUBLIC" - }, - "data_format": "MITRE", "data_version": "4.0", "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2022-24309", + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,9 @@ "version": { "version_data": [ { - "version_value": "All versions < V7.23.29" + "version_affected": "<", + "version_name": "0", + "version_value": "V7.23.29" } ] } @@ -29,7 +52,9 @@ "version": { "version_data": [ { - "version_value": "All versions < V8.18.16" + "version_affected": "<", + "version_name": "0", + "version_value": "V8.18.16" } ] } @@ -39,7 +64,9 @@ "version": { "version_data": [ { - "version_value": "All deployments with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False" + "version_affected": "<", + "version_name": "0", + "version_value": "V9.13" } ] } @@ -50,32 +77,27 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-284: Improper Access Control" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All deployments with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-148641.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-148641.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/25xxx/CVE-2022-25622.json b/2022/25xxx/CVE-2022-25622.json index b4fd70de1ab..180307f22b5 100644 --- a/2022/25xxx/CVE-2022-25622.json +++ b/2022/25xxx/CVE-2022-25622.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L, SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, DI 16x24VDC, M12-L, SIMATIC ET200ecoPN, DI 8x24VDC, M12-L, SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L, SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler, SIMATIC PN/PN Coupler, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210, SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS HCS4200 CIM4210, SIPLUS HCS4200 CIM4210C, SIPLUS HCS4300 CIM4310, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments." + "value": "A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0), SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0), SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0), SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210 (6SL5...), SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0), SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1), SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0), SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0), SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments." } ] }, @@ -128,8 +128,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -165,8 +166,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -176,8 +178,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -187,8 +190,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.3" } ] } @@ -198,8 +202,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -209,8 +214,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V5.1.1" + "version_affected": "<", + "version_name": "V5.1.1", + "version_value": "V5.1.2" } ] } @@ -429,8 +435,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -440,8 +447,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -451,8 +459,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -462,8 +471,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -473,8 +483,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -484,8 +495,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V6.0.10" + "version_affected": "<", + "version_name": "0", + "version_value": "V6.0.10" } ] } @@ -506,8 +518,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V8.2.3" + "version_affected": "<", + "version_name": "0", + "version_value": "V8.2.3" } ] } @@ -517,8 +530,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V1.1.10" + "version_affected": "<", + "version_name": "0", + "version_value": "V1.1.10" } ] } @@ -528,8 +542,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V1.2.1" + "version_affected": "<", + "version_name": "0", + "version_value": "V1.2.1" } ] } @@ -572,8 +587,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V4.7.14 with Ethernet interface" + "version_affected": "<", + "version_name": "0", + "version_value": "V4.7.14" } ] } @@ -583,8 +599,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V4.7.14 with Ethernet interface" + "version_affected": "<", + "version_name": "0", + "version_value": "V4.7.14" } ] } @@ -594,8 +611,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V4.7.14 with Ethernet interface" + "version_affected": "<", + "version_name": "0", + "version_value": "V4.7 SP14" } ] } @@ -605,8 +623,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V5.2.3.13" + "version_affected": "<", + "version_name": "0", + "version_value": "V5.2.3.13" } ] } @@ -616,8 +635,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V5.2.3.13" + "version_affected": "<", + "version_name": "0", + "version_value": "V5.2.3.13" } ] } @@ -638,8 +658,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V5.2.3.13" + "version_affected": "<", + "version_name": "0", + "version_value": "V5.2 SP3 HF13" } ] } @@ -649,19 +670,21 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V5.2.3.13" + "version_affected": "<", + "version_name": "0", + "version_value": "V5.2.3.13" } ] } }, { - "product_name": "SINAMICS S210", + "product_name": "SINAMICS S210 (6SL5...)", "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -803,8 +826,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -814,8 +838,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -832,6 +857,11 @@ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-446448.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-446448.html" } ] }, diff --git a/2022/38xxx/CVE-2022-38371.json b/2022/38xxx/CVE-2022-38371.json index e839a2a98f7..9617171761e 100644 --- a/2022/38xxx/CVE-2022-38371.json +++ b/2022/38xxx/CVE-2022-38371.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (Versions including affected FTP server), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server." + "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server." } ] }, @@ -84,8 +84,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V3.5.7" } ] } @@ -95,8 +96,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V2.8.21" } ] } @@ -106,8 +108,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V3.5.7" } ] } @@ -117,8 +120,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V2.8.21" } ] } @@ -128,8 +132,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V2.3" + "version_affected": "<", + "version_name": "V2.3", + "version_value": "*" } ] } @@ -150,8 +155,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V2.3" + "version_affected": "<", + "version_name": "V2.3", + "version_value": "*" } ] } @@ -172,8 +178,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V2.3" + "version_affected": "<", + "version_name": "V2.3", + "version_value": "*" } ] } @@ -260,8 +267,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions >= V2.3" + "version_affected": "<", + "version_name": "V2.3", + "version_value": "*" } ] } @@ -315,8 +323,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "Versions including affected FTP server" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -326,8 +335,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V3.5.7" } ] } @@ -337,8 +347,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V3.5.7" } ] } @@ -351,15 +362,25 @@ }, "references": { "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf" }, { - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf", + "url": "https://cert-portal.siemens.com/productcert/html/ssa-935500.html", "refsource": "MISC", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf" + "name": "https://cert-portal.siemens.com/productcert/html/ssa-935500.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-313313.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-313313.html" } ] }, @@ -367,7 +388,7 @@ "cvss": [ { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" } diff --git a/2022/45xxx/CVE-2022-45044.json b/2022/45xxx/CVE-2022-45044.json index 2884c43e19d..a35432588b4 100644 --- a/2022/45xxx/CVE-2022-45044.json +++ b/2022/45xxx/CVE-2022-45044.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack." + "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack." } ] }, @@ -304,9 +304,8 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_name": "0", - "version_value": "*" + "version_affected": "=", + "version_value": "All versions < V8.89" } ] } @@ -327,9 +326,8 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_name": "0", - "version_value": "*" + "version_affected": "=", + "version_value": "All versions < V8.89" } ] } @@ -396,9 +394,8 @@ "version": { "version_data": [ { - "version_affected": "<", - "version_name": "0", - "version_value": "*" + "version_affected": "=", + "version_value": "All versions < V8.89" } ] } @@ -737,13 +734,17 @@ "product_name": "SIPROTEC 5 Communication Module ETH-BA-2EL", "version": { "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V8.89 installed on CP100 devices" + }, { "version_affected": "=", "version_value": "All versions < V9.50 installed on CP150 and CP300 devices" }, { "version_affected": "=", - "version_value": "All versions installed on CP100 and CP200 devices" + "version_value": "All versions installed on CP200 devices" } ] } @@ -752,13 +753,17 @@ "product_name": "SIPROTEC 5 Communication Module ETH-BB-2FO", "version": { "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V8.89 installed on CP100 devices" + }, { "version_affected": "=", "version_value": "All versions < V9.50 installed on CP150 and CP300 devices" }, { "version_affected": "=", - "version_value": "All versions installed on CP100 and CP200 devices" + "version_value": "All versions installed on CP200 devices" } ] } @@ -768,8 +773,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions < V9.50" + "version_affected": "<", + "version_name": "0", + "version_value": "V9.50" } ] } diff --git a/2023/25xxx/CVE-2023-25910.json b/2023/25xxx/CVE-2023-25910.json index eed1f93b62e..bfe211ff301 100644 --- a/2023/25xxx/CVE-2023-25910.json +++ b/2023/25xxx/CVE-2023-25910.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.\r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server." + "value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.\r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server." } ] }, @@ -54,7 +54,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V5.7 SP1 HF1" } ] } diff --git a/2023/28xxx/CVE-2023-28766.json b/2023/28xxx/CVE-2023-28766.json index 0495c53372c..b7f623ccb4e 100644 --- a/2023/28xxx/CVE-2023-28766.json +++ b/2023/28xxx/CVE-2023-28766.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device." + "value": "A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device." } ] }, @@ -198,7 +198,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V8.89" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V8.89" } ] } @@ -270,7 +270,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V8.89" } ] } diff --git a/2023/28xxx/CVE-2023-28831.json b/2023/28xxx/CVE-2023-28831.json index b15dbc697c3..51b8a02ffb6 100644 --- a/2023/28xxx/CVE-2023-28831.json +++ b/2023/28xxx/CVE-2023-28831.json @@ -128,7 +128,7 @@ { "version_affected": "<", "version_name": "V30.0.0", - "version_value": "*" + "version_value": "V30.1.0" } ] } diff --git a/2023/46xxx/CVE-2023-46156.json b/2023/46xxx/CVE-2023-46156.json index 02e47f7b52d..250ce2e3ca6 100644 --- a/2023/46xxx/CVE-2023-46156.json +++ b/2023/46xxx/CVE-2023-46156.json @@ -64,8 +64,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V30.1.0" } ] } @@ -939,7 +940,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V3.1.2" } ] } @@ -987,7 +988,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V3.1.2" } ] } diff --git a/2023/46xxx/CVE-2023-46280.json b/2023/46xxx/CVE-2023-46280.json index fdb520a2b94..01bd02ba5d0 100644 --- a/2023/46xxx/CVE-2023-46280.json +++ b/2023/46xxx/CVE-2023-46280.json @@ -1,17 +1,421 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-46280", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "S7-PCT", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Security Configuration Tool (SCT)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC Automation Tool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC BATCH V9.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC NET PC Software", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC PDM V9.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC Route Control V9.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V5", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC OA V3.17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC OA V3.18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.18 P025" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC OA V3.19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.19 P010" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Advanced", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Professional V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Professional V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Professional V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Runtime Professional V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified PC Runtime", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.5", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V8.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V19 SP1" + } + ] + } + }, + { + "product_name": "SINUMERIK ONE virtual", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V6.23" + } + ] + } + }, + { + "product_name": "SINUMERIK PLC Programming Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud Connector", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.0" + } + ] + } + }, + { + "product_name": "Totally Integrated Automation Portal (TIA Portal) V15.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Totally Integrated Automation Portal (TIA Portal) V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Totally Integrated Automation Portal (TIA Portal) V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Totally Integrated Automation Portal (TIA Portal) V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Totally Integrated Automation Portal (TIA Portal) V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V19 Update 2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/46xxx/CVE-2023-46281.json b/2023/46xxx/CVE-2023-46281.json index b6f5d036df6..3f13de6f5dc 100644 --- a/2023/46xxx/CVE-2023-46281.json +++ b/2023/46xxx/CVE-2023-46281.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." } ] }, @@ -71,17 +71,6 @@ ] } }, - { - "product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "All versions" - } - ] - } - }, { "product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "version": { diff --git a/2023/46xxx/CVE-2023-46282.json b/2023/46xxx/CVE-2023-46282.json index e60e4dcfe3c..cf27f7331fa 100644 --- a/2023/46xxx/CVE-2023-46282.json +++ b/2023/46xxx/CVE-2023-46282.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." } ] }, @@ -71,17 +71,6 @@ ] } }, - { - "product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "All versions" - } - ] - } - }, { "product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "version": { diff --git a/2023/46xxx/CVE-2023-46283.json b/2023/46xxx/CVE-2023-46283.json index 3375261d612..8e89b8fdf2a 100644 --- a/2023/46xxx/CVE-2023-46283.json +++ b/2023/46xxx/CVE-2023-46283.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." } ] }, @@ -71,17 +71,6 @@ ] } }, - { - "product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "All versions" - } - ] - } - }, { "product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "version": { diff --git a/2023/46xxx/CVE-2023-46284.json b/2023/46xxx/CVE-2023-46284.json index 3ab29431e1e..f9d8c4dc2d0 100644 --- a/2023/46xxx/CVE-2023-46284.json +++ b/2023/46xxx/CVE-2023-46284.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." } ] }, @@ -71,17 +71,6 @@ ] } }, - { - "product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "All versions" - } - ] - } - }, { "product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "version": { diff --git a/2023/46xxx/CVE-2023-46285.json b/2023/46xxx/CVE-2023-46285.json index db91f426357..b2aba11afd0 100644 --- a/2023/46xxx/CVE-2023-46285.json +++ b/2023/46xxx/CVE-2023-46285.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." } ] }, @@ -71,17 +71,6 @@ ] } }, - { - "product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "All versions" - } - ] - } - }, { "product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "version": { diff --git a/2023/49xxx/CVE-2023-49125.json b/2023/49xxx/CVE-2023-49125.json index e949a7d71fe..70ed9ca39e0 100644 --- a/2023/49xxx/CVE-2023-49125.json +++ b/2023/49xxx/CVE-2023-49125.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge (All versions < V223.0.11). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -72,13 +72,25 @@ } }, { - "product_name": "Solid Edge", + "product_name": "Solid Edge SE2023", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", - "version_value": "V223.0.11" + "version_value": "V223.0 Update 11" + } + ] + } + }, + { + "product_name": "Solid Edge SE2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 3" } ] } @@ -107,7 +119,7 @@ "cvss": [ { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" } diff --git a/2023/50xxx/CVE-2023-50236.json b/2023/50xxx/CVE-2023-50236.json index 3fe49bf3014..0e7c62a3c48 100644 --- a/2023/50xxx/CVE-2023-50236.json +++ b/2023/50xxx/CVE-2023-50236.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Polarion ALM (All versions). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM." + "value": "A vulnerability has been identified in Polarion ALM (All versions < V2024.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM." } ] }, @@ -40,8 +40,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V2024.0" } ] } diff --git a/2024/1xxx/CVE-2024-1023.json b/2024/1xxx/CVE-2024-1023.json index 5e059662a05..af6432aad3c 100644 --- a/2024/1xxx/CVE-2024-1023.json +++ b/2024/1xxx/CVE-2024-1023.json @@ -160,6 +160,19 @@ ] } }, + { + "product_name": "RHINT Service Registry 2.5.11 GA", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "A-MQ Clients 2", "version": { @@ -316,19 +329,6 @@ ] } }, - { - "product_name": "Red Hat Integration Service Registry", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, { "product_name": "Red Hat JBoss A-MQ 7", "version": { @@ -456,6 +456,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:2088" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:2833", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:2833" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1023", "refsource": "MISC", diff --git a/2024/1xxx/CVE-2024-1300.json b/2024/1xxx/CVE-2024-1300.json index c2fbc495d22..ca0f456d90e 100644 --- a/2024/1xxx/CVE-2024-1300.json +++ b/2024/1xxx/CVE-2024-1300.json @@ -223,6 +223,19 @@ ] } }, + { + "product_name": "RHINT Service Registry 2.5.11 GA", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "defaultStatus": "unaffected" + } + } + ] + } + }, { "product_name": "A-MQ Clients 2", "version": { @@ -366,19 +379,6 @@ ] } }, - { - "product_name": "Red Hat Integration Service Registry", - "version": { - "version_data": [ - { - "version_value": "not down converted", - "x_cve_json_5_version_data": { - "defaultStatus": "unknown" - } - } - ] - } - }, { "product_name": "Red Hat JBoss A-MQ 7", "version": { @@ -511,6 +511,11 @@ "refsource": "MISC", "name": "https://access.redhat.com/errata/RHSA-2024:2088" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:2833", + "refsource": "MISC", + "name": "https://access.redhat.com/errata/RHSA-2024:2833" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1300", "refsource": "MISC", diff --git a/2024/22xxx/CVE-2024-22039.json b/2024/22xxx/CVE-2024-22039.json index 5b1cdf78250..7cc24650ed7 100644 --- a/2024/22xxx/CVE-2024-22039.json +++ b/2024/22xxx/CVE-2024-22039.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.\r\nThis could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges." + "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.\r\nThis could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges." } ] }, @@ -48,19 +48,43 @@ } }, { - "product_name": "Cerberus PRO EN Fire Panel FC72x", + "product_name": "Cerberus PRO EN Fire Panel FC72x IP6", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", - "version_value": "IP8" + "version_value": "IP6 SR3" } ] } }, { - "product_name": "Cerberus PRO EN X200 Cloud Distribution", + "product_name": "Cerberus PRO EN Fire Panel FC72x IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "IP7 SR5" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN X200 Cloud Distribution IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.6602" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN X200 Cloud Distribution IP8", "version": { "version_data": [ { @@ -72,7 +96,19 @@ } }, { - "product_name": "Cerberus PRO EN X300 Cloud Distribution", + "product_name": "Cerberus PRO EN X300 Cloud Distribution IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.2.6601" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN X300 Cloud Distribution IP8", "version": { "version_data": [ { @@ -83,6 +119,78 @@ ] } }, + { + "product_name": "Cerberus PRO UL Compact Panel FC922/924", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Cerberus PRO UL Engineering Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Cerberus PRO UL X300 Cloud Distribution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3.0001" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL Compact Panel FC2025/2050", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL Engineering Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL X300 Cloud Distribution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3.0001" + } + ] + } + }, { "product_name": "Sinteso FS20 EN Engineering Tool", "version": { @@ -96,19 +204,43 @@ } }, { - "product_name": "Sinteso FS20 EN Fire Panel FC20", + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP6", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", - "version_value": "MP8" + "version_value": "MP6 SR3" } ] } }, { - "product_name": "Sinteso FS20 EN X200 Cloud Distribution", + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP7 SR5" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.6602" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP8", "version": { "version_data": [ { @@ -120,7 +252,19 @@ } }, { - "product_name": "Sinteso FS20 EN X300 Cloud Distribution", + "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.2.6601" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP8", "version": { "version_data": [ { @@ -155,6 +299,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html" } ] }, diff --git a/2024/22xxx/CVE-2024-22040.json b/2024/22xxx/CVE-2024-22040.json index a05fa01c0aa..2dae044a2df 100644 --- a/2024/22xxx/CVE-2024-22040.json +++ b/2024/22xxx/CVE-2024-22040.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread.\r\nThis could allow an unauthenticated remote attacker to crash the network service." + "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread.\r\nThis could allow an unauthenticated remote attacker to crash the network service." } ] }, @@ -48,7 +48,31 @@ } }, { - "product_name": "Cerberus PRO EN Fire Panel FC72x", + "product_name": "Cerberus PRO EN Fire Panel FC72x IP6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN Fire Panel FC72x IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN Fire Panel FC72x IP8", "version": { "version_data": [ { @@ -60,7 +84,19 @@ } }, { - "product_name": "Cerberus PRO EN X200 Cloud Distribution", + "product_name": "Cerberus PRO EN X200 Cloud Distribution IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN X200 Cloud Distribution IP8", "version": { "version_data": [ { @@ -72,7 +108,19 @@ } }, { - "product_name": "Cerberus PRO EN X300 Cloud Distribution", + "product_name": "Cerberus PRO EN X300 Cloud Distribution IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN X300 Cloud Distribution IP8", "version": { "version_data": [ { @@ -83,6 +131,78 @@ ] } }, + { + "product_name": "Cerberus PRO UL Compact Panel FC922/924", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Cerberus PRO UL Engineering Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Cerberus PRO UL X300 Cloud Distribution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3.0001" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL Compact Panel FC2025/2050", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL Engineering Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL X300 Cloud Distribution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3.0001" + } + ] + } + }, { "product_name": "Sinteso FS20 EN Engineering Tool", "version": { @@ -96,7 +216,31 @@ } }, { - "product_name": "Sinteso FS20 EN Fire Panel FC20", + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP8", "version": { "version_data": [ { @@ -108,7 +252,19 @@ } }, { - "product_name": "Sinteso FS20 EN X200 Cloud Distribution", + "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP8", "version": { "version_data": [ { @@ -120,7 +276,19 @@ } }, { - "product_name": "Sinteso FS20 EN X300 Cloud Distribution", + "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP8", "version": { "version_data": [ { @@ -155,6 +323,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html" } ] }, diff --git a/2024/22xxx/CVE-2024-22041.json b/2024/22xxx/CVE-2024-22041.json index ebd3dd02ffd..69b08d58b95 100644 --- a/2024/22xxx/CVE-2024-22041.json +++ b/2024/22xxx/CVE-2024-22041.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates.\r\nThis could allow an unauthenticated remote attacker to crash the network service." + "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates.\r\nThis could allow an unauthenticated remote attacker to crash the network service." } ] }, @@ -48,7 +48,31 @@ } }, { - "product_name": "Cerberus PRO EN Fire Panel FC72x", + "product_name": "Cerberus PRO EN Fire Panel FC72x IP6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN Fire Panel FC72x IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN Fire Panel FC72x IP8", "version": { "version_data": [ { @@ -60,7 +84,19 @@ } }, { - "product_name": "Cerberus PRO EN X200 Cloud Distribution", + "product_name": "Cerberus PRO EN X200 Cloud Distribution IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN X200 Cloud Distribution IP8", "version": { "version_data": [ { @@ -72,7 +108,19 @@ } }, { - "product_name": "Cerberus PRO EN X300 Cloud Distribution", + "product_name": "Cerberus PRO EN X300 Cloud Distribution IP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Cerberus PRO EN X300 Cloud Distribution IP8", "version": { "version_data": [ { @@ -83,6 +131,78 @@ ] } }, + { + "product_name": "Cerberus PRO UL Compact Panel FC922/924", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Cerberus PRO UL Engineering Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Cerberus PRO UL X300 Cloud Distribution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3.0001" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL Compact Panel FC2025/2050", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL Engineering Tool", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "MP4" + } + ] + } + }, + { + "product_name": "Desigo Fire Safety UL X300 Cloud Distribution", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V4.3.0001" + } + ] + } + }, { "product_name": "Sinteso FS20 EN Engineering Tool", "version": { @@ -96,7 +216,31 @@ } }, { - "product_name": "Sinteso FS20 EN Fire Panel FC20", + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP6", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN Fire Panel FC20 MP8", "version": { "version_data": [ { @@ -108,7 +252,19 @@ } }, { - "product_name": "Sinteso FS20 EN X200 Cloud Distribution", + "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP8", "version": { "version_data": [ { @@ -120,7 +276,19 @@ } }, { - "product_name": "Sinteso FS20 EN X300 Cloud Distribution", + "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP7", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP8", "version": { "version_data": [ { @@ -155,6 +323,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html" } ] }, diff --git a/2024/23xxx/CVE-2024-23813.json b/2024/23xxx/CVE-2024-23813.json index 14c99ee94fd..d06783b5113 100644 --- a/2024/23xxx/CVE-2024-23813.json +++ b/2024/23xxx/CVE-2024-23813.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code." + "value": "A vulnerability has been identified in Polarion ALM (All versions < V2024.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code." } ] }, @@ -40,8 +40,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "V2024.0" } ] } diff --git a/2024/27xxx/CVE-2024-27939.json b/2024/27xxx/CVE-2024-27939.json index a80ccaf6cef..54f71e62894 100644 --- a/2024/27xxx/CVE-2024-27939.json +++ b/2024/27xxx/CVE-2024-27939.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27939", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/27xxx/CVE-2024-27940.json b/2024/27xxx/CVE-2024-27940.json index e93c3bba900..ecc5bd4f2f0 100644 --- a/2024/27xxx/CVE-2024-27940.json +++ b/2024/27xxx/CVE-2024-27940.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/27xxx/CVE-2024-27941.json b/2024/27xxx/CVE-2024-27941.json index e85057a4d06..ca875bffd6e 100644 --- a/2024/27xxx/CVE-2024-27941.json +++ b/2024/27xxx/CVE-2024-27941.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/27xxx/CVE-2024-27942.json b/2024/27xxx/CVE-2024-27942.json index 629bdb233be..61795b26ceb 100644 --- a/2024/27xxx/CVE-2024-27942.json +++ b/2024/27xxx/CVE-2024-27942.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27942", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" } ] } diff --git a/2024/27xxx/CVE-2024-27943.json b/2024/27xxx/CVE-2024-27943.json index 09be24517dd..ecbeea0d0d7 100644 --- a/2024/27xxx/CVE-2024-27943.json +++ b/2024/27xxx/CVE-2024-27943.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/27xxx/CVE-2024-27944.json b/2024/27xxx/CVE-2024-27944.json index 214b46c82ed..66a1e4ca1db 100644 --- a/2024/27xxx/CVE-2024-27944.json +++ b/2024/27xxx/CVE-2024-27944.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27944", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/27xxx/CVE-2024-27945.json b/2024/27xxx/CVE-2024-27945.json index c1aa1130ffa..dcff30c8155 100644 --- a/2024/27xxx/CVE-2024-27945.json +++ b/2024/27xxx/CVE-2024-27945.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27945", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-73: External Control of File Name or Path", + "cweId": "CWE-73" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/27xxx/CVE-2024-27946.json b/2024/27xxx/CVE-2024-27946.json index 71607742985..124e2e89d82 100644 --- a/2024/27xxx/CVE-2024-27946.json +++ b/2024/27xxx/CVE-2024-27946.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27946", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the \r\ninstallation directory of the affected systems. The filename for \r\nthe target file can be specified, thus arbitrary files can be \r\noverwritten by an attacker with the required privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/27xxx/CVE-2024-27947.json b/2024/27xxx/CVE-2024-27947.json index 1f7e2921c01..7afa64338c6 100644 --- a/2024/27xxx/CVE-2024-27947.json +++ b/2024/27xxx/CVE-2024-27947.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-27947", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM CROSSBOW", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/30xxx/CVE-2024-30206.json b/2024/30xxx/CVE-2024-30206.json index 69fcbc182c8..d57d4637fc0 100644 --- a/2024/30xxx/CVE-2024-30206.json +++ b/2024/30xxx/CVE-2024-30206.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30206", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Clients do not properly check the integrity of update files. This could allow an unauthenticated remote attacker to alter update files in transit and trick an authorized user into installing malicious code. \r\nA successful exploit requires the attacker to be able to modify the communication between server and client on the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494: Download of Code Without Integrity Check", + "cweId": "CWE-494" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/30xxx/CVE-2024-30207.json b/2024/30xxx/CVE-2024-30207.json index a8a025765b8..1407e8058d3 100644 --- a/2024/30xxx/CVE-2024-30207.json +++ b/2024/30xxx/CVE-2024-30207.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system.\r\nA successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321: Use of Hard-coded Cryptographic Key", + "cweId": "CWE-321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 10, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/30xxx/CVE-2024-30208.json b/2024/30xxx/CVE-2024-30208.json index 815406e8675..3190e53eb47 100644 --- a/2024/30xxx/CVE-2024-30208.json +++ b/2024/30xxx/CVE-2024-30208.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The \"DBTest\" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/30xxx/CVE-2024-30209.json b/2024/30xxx/CVE-2024-30209.json index a399e8e5a77..092fb50b50e 100644 --- a/2024/30xxx/CVE-2024-30209.json +++ b/2024/30xxx/CVE-2024-30209.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-30209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/31xxx/CVE-2024-31484.json b/2024/31xxx/CVE-2024-31484.json index e4425702f98..471fedacfc8 100644 --- a/2024/31xxx/CVE-2024-31484.json +++ b/2024/31xxx/CVE-2024-31484.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31484", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30). The affected device firmwares contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-170: Improper Null Termination", + "cweId": "CWE-170" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "CPC80 Central Processing/Communication", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V16.41" + } + ] + } + }, + { + "product_name": "CPCI85 Central Processing/Communication", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.30" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/31xxx/CVE-2024-31485.json b/2024/31xxx/CVE-2024-31485.json index 431f6ca7c57..5cdc5db107f 100644 --- a/2024/31xxx/CVE-2024-31485.json +++ b/2024/31xxx/CVE-2024-31485.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31485", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "CPCI85 Central Processing/Communication", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.30" + } + ] + } + }, + { + "product_name": "SICORE Base system", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V1.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH" } ] } diff --git a/2024/31xxx/CVE-2024-31486.json b/2024/31xxx/CVE-2024-31486.json index 0f62903d68a..4ca66086f92 100644 --- a/2024/31xxx/CVE-2024-31486.json +++ b/2024/31xxx/CVE-2024-31486.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31486", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312: Cleartext Storage of Sensitive Information", + "cweId": "CWE-312" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "OPUPI0 AMQP/MQTT", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V5.30" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/31xxx/CVE-2024-31980.json b/2024/31xxx/CVE-2024-31980.json index c7c84afcc80..adbb18df040 100644 --- a/2024/31xxx/CVE-2024-31980.json +++ b/2024/31xxx/CVE-2024-31980.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Parasolid V35.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V35.1.256" + } + ] + } + }, + { + "product_name": "Parasolid V36.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.0.210" + } + ] + } + }, + { + "product_name": "Parasolid V36.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.1.185" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-489698.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-489698.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32055.json b/2024/32xxx/CVE-2024-32055.json index 71c700cec6b..fb336c18fa3 100644 --- a/2024/32xxx/CVE-2024-32055.json +++ b/2024/32xxx/CVE-2024-32055.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32055", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32057.json b/2024/32xxx/CVE-2024-32057.json index 95245647f85..0eef649a9c4 100644 --- a/2024/32xxx/CVE-2024-32057.json +++ b/2024/32xxx/CVE-2024-32057.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32057", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", + "cweId": "CWE-843" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32058.json b/2024/32xxx/CVE-2024-32058.json index d25036c2161..9587cab34a3 100644 --- a/2024/32xxx/CVE-2024-32058.json +++ b/2024/32xxx/CVE-2024-32058.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32058", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32059.json b/2024/32xxx/CVE-2024-32059.json index f1accffbe9a..f8c83d7f4b3 100644 --- a/2024/32xxx/CVE-2024-32059.json +++ b/2024/32xxx/CVE-2024-32059.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32059", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32060.json b/2024/32xxx/CVE-2024-32060.json index 026ce4f7f8c..aa6a6a046bd 100644 --- a/2024/32xxx/CVE-2024-32060.json +++ b/2024/32xxx/CVE-2024-32060.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32060", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32061.json b/2024/32xxx/CVE-2024-32061.json index 84692a4ee5a..5ca9efa2d99 100644 --- a/2024/32xxx/CVE-2024-32061.json +++ b/2024/32xxx/CVE-2024-32061.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32061", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32062.json b/2024/32xxx/CVE-2024-32062.json index d77ffa98c2b..131213a2d31 100644 --- a/2024/32xxx/CVE-2024-32062.json +++ b/2024/32xxx/CVE-2024-32062.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32062", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", + "cweId": "CWE-843" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32063.json b/2024/32xxx/CVE-2024-32063.json index 2fcdd6fbc69..6d0caf2e314 100644 --- a/2024/32xxx/CVE-2024-32063.json +++ b/2024/32xxx/CVE-2024-32063.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32063", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", + "cweId": "CWE-843" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32064.json b/2024/32xxx/CVE-2024-32064.json index 6bf4bc6cc72..fa52889e193 100644 --- a/2024/32xxx/CVE-2024-32064.json +++ b/2024/32xxx/CVE-2024-32064.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32064", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32065.json b/2024/32xxx/CVE-2024-32065.json index cd990f3c528..e3e0fb51a89 100644 --- a/2024/32xxx/CVE-2024-32065.json +++ b/2024/32xxx/CVE-2024-32065.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32065", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32066.json b/2024/32xxx/CVE-2024-32066.json index b88ab6983b3..2cf02590f5e 100644 --- a/2024/32xxx/CVE-2024-32066.json +++ b/2024/32xxx/CVE-2024-32066.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32066", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "PS/IGES Parasolid Translator Component", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V27.1.215" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32077.json b/2024/32xxx/CVE-2024-32077.json index 329015d43bb..0f8c18ab6d5 100644 --- a/2024/32xxx/CVE-2024-32077.json +++ b/2024/32xxx/CVE-2024-32077.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32077", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.\u00a0\nUsers are recommended to upgrade to version 2.9.1, which fixes this issue.\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.9.0", + "version_value": "2.9.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/apache/airflow/pull/38882", + "refsource": "MISC", + "name": "https://github.com/apache/airflow/pull/38882" + }, + { + "url": "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Ming" + }, + { + "lang": "en", + "value": "Jens Scheffler" + } + ] } \ No newline at end of file diff --git a/2024/32xxx/CVE-2024-32635.json b/2024/32xxx/CVE-2024-32635.json index 7d910ff2dba..c64c3519639 100644 --- a/2024/32xxx/CVE-2024-32635.json +++ b/2024/32xxx/CVE-2024-32635.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Parasolid V35.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V35.1.256" + } + ] + } + }, + { + "product_name": "Parasolid V36.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.0.208" + } + ] + } + }, + { + "product_name": "Parasolid V36.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.1.173" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32636.json b/2024/32xxx/CVE-2024-32636.json index 3feed738f16..ce1f33bc5e8 100644 --- a/2024/32xxx/CVE-2024-32636.json +++ b/2024/32xxx/CVE-2024-32636.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Parasolid V35.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V35.1.256" + } + ] + } + }, + { + "product_name": "Parasolid V36.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.0.208" + } + ] + } + }, + { + "product_name": "Parasolid V36.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.1.173" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32637.json b/2024/32xxx/CVE-2024-32637.json index 257928408c0..24fccd70328 100644 --- a/2024/32xxx/CVE-2024-32637.json +++ b/2024/32xxx/CVE-2024-32637.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476: NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Parasolid V35.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V35.1.256" + } + ] + } + }, + { + "product_name": "Parasolid V36.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.0.208" + } + ] + } + }, + { + "product_name": "Parasolid V36.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.1.173" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/32xxx/CVE-2024-32639.json b/2024/32xxx/CVE-2024-32639.json index 7355b9f04b2..08d39d88a1d 100644 --- a/2024/32xxx/CVE-2024-32639.json +++ b/2024/32xxx/CVE-2024-32639.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0011" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-923361.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-923361.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/32xxx/CVE-2024-32740.json b/2024/32xxx/CVE-2024-32740.json index 0d324dbae27..cee9e880e73 100644 --- a/2024/32xxx/CVE-2024-32740.json +++ b/2024/32xxx/CVE-2024-32740.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32740", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device\r\nlocally or over the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798: Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC CN 4100", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/32xxx/CVE-2024-32741.json b/2024/32xxx/CVE-2024-32741.json index 22fdb9035d0..b9289ab4d6f 100644 --- a/2024/32xxx/CVE-2024-32741.json +++ b/2024/32xxx/CVE-2024-32741.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32741", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-259: Use of Hard-coded Password", + "cweId": "CWE-259" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC CN 4100", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 10, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/32xxx/CVE-2024-32742.json b/2024/32xxx/CVE-2024-32742.json index c04385b5084..a81b3a66f22 100644 --- a/2024/32xxx/CVE-2024-32742.json +++ b/2024/32xxx/CVE-2024-32742.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-32742", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1326: Missing Immutable Root of Trust in Hardware", + "cweId": "CWE-1326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC CN 4100", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.6, + "baseSeverity": "HIGH" } ] } diff --git a/2024/33xxx/CVE-2024-33489.json b/2024/33xxx/CVE-2024-33489.json index bd86c633cff..fac409b30d2 100644 --- a/2024/33xxx/CVE-2024-33489.json +++ b/2024/33xxx/CVE-2024-33489.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/33xxx/CVE-2024-33490.json b/2024/33xxx/CVE-2024-33490.json index 1311820c8b2..ce1e38da271 100644 --- a/2024/33xxx/CVE-2024-33490.json +++ b/2024/33xxx/CVE-2024-33490.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/33xxx/CVE-2024-33491.json b/2024/33xxx/CVE-2024-33491.json index f6eaf6e8080..b42fb87234d 100644 --- a/2024/33xxx/CVE-2024-33491.json +++ b/2024/33xxx/CVE-2024-33491.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33491", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/33xxx/CVE-2024-33492.json b/2024/33xxx/CVE-2024-33492.json index 8b7a0486a36..40ddb15a89d 100644 --- a/2024/33xxx/CVE-2024-33492.json +++ b/2024/33xxx/CVE-2024-33492.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/33xxx/CVE-2024-33493.json b/2024/33xxx/CVE-2024-33493.json index e0986f67d55..8cceb056970 100644 --- a/2024/33xxx/CVE-2024-33493.json +++ b/2024/33xxx/CVE-2024-33493.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33493", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/33xxx/CVE-2024-33494.json b/2024/33xxx/CVE-2024-33494.json index 42fb6c076e2..6bec83c98c3 100644 --- a/2024/33xxx/CVE-2024-33494.json +++ b/2024/33xxx/CVE-2024-33494.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33494", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/33xxx/CVE-2024-33495.json b/2024/33xxx/CVE-2024-33495.json index 0da3f526808..b313e70572e 100644 --- a/2024/33xxx/CVE-2024-33495.json +++ b/2024/33xxx/CVE-2024-33495.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33495", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770: Allocation of Resources Without Limits or Throttling", + "cweId": "CWE-770" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/33xxx/CVE-2024-33496.json b/2024/33xxx/CVE-2024-33496.json index f0649d3d66d..303f1c28cfa 100644 --- a/2024/33xxx/CVE-2024-33496.json +++ b/2024/33xxx/CVE-2024-33496.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33496", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/33xxx/CVE-2024-33497.json b/2024/33xxx/CVE-2024-33497.json index 415563f9c39..a5aaaecb939 100644 --- a/2024/33xxx/CVE-2024-33497.json +++ b/2024/33xxx/CVE-2024-33497.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33497", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/33xxx/CVE-2024-33498.json b/2024/33xxx/CVE-2024-33498.json index 380aeb62921..509d3b90473 100644 --- a/2024/33xxx/CVE-2024-33498.json +++ b/2024/33xxx/CVE-2024-33498.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33498", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected applications do not properly release memory that is allocated when handling specifically crafted incoming packets. This could allow an unauthenticated remote attacker to cause a denial of service condition by crashing the service when it runs out of memory. The service is restarted automatically after a short time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/33xxx/CVE-2024-33499.json b/2024/33xxx/CVE-2024-33499.json index 31ce3f87378..c18c982a14e 100644 --- a/2024/33xxx/CVE-2024-33499.json +++ b/2024/33xxx/CVE-2024-33499.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33499", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/33xxx/CVE-2024-33577.json b/2024/33xxx/CVE-2024-33577.json index f25c6764ce2..d8c43a14b7f 100644 --- a/2024/33xxx/CVE-2024-33577.json +++ b/2024/33xxx/CVE-2024-33577.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.90). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Nastran 2306", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Simcenter Nastran 2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Simcenter Nastran 2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.90" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/33xxx/CVE-2024-33583.json b/2024/33xxx/CVE-2024-33583.json index 21c59dbf3e8..3bc82a28d7e 100644 --- a/2024/33xxx/CVE-2024-33583.json +++ b/2024/33xxx/CVE-2024-33583.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-912: Hidden Functionality", + "cweId": "CWE-912" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC RTLS Locating Manager", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.0.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", + "baseScore": 3.3, + "baseSeverity": "LOW" } ] } diff --git a/2024/33xxx/CVE-2024-33647.json b/2024/33xxx/CVE-2024-33647.json index 8b8e96a8622..733c5be6556 100644 --- a/2024/33xxx/CVE-2024-33647.json +++ b/2024/33xxx/CVE-2024-33647.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-33647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Polarion ALM", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2404.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-925850.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-925850.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/34xxx/CVE-2024-34085.json b/2024/34xxx/CVE-2024-34085.json index 0b31cd7a91d..a3c058e20f4 100644 --- a/2024/34xxx/CVE-2024-34085.json +++ b/2024/34xxx/CVE-2024-34085.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34085", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "JT2Go", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0001" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.1.0.13" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.10" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.7" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/34xxx/CVE-2024-34086.json b/2024/34xxx/CVE-2024-34086.json index 8c519d646da..5c88684ec6e 100644 --- a/2024/34xxx/CVE-2024-34086.json +++ b/2024/34xxx/CVE-2024-34086.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34086", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.\r\nThis could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "JT2Go", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0001" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.1.0.13" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.10" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.7" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0001" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/34xxx/CVE-2024-34771.json b/2024/34xxx/CVE-2024-34771.json index 23de433b9f2..3d92a2fb127 100644 --- a/2024/34xxx/CVE-2024-34771.json +++ b/2024/34xxx/CVE-2024-34771.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34771", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/34xxx/CVE-2024-34772.json b/2024/34xxx/CVE-2024-34772.json index af2914dd8de..0d488ae7eb2 100644 --- a/2024/34xxx/CVE-2024-34772.json +++ b/2024/34xxx/CVE-2024-34772.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34772", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/34xxx/CVE-2024-34773.json b/2024/34xxx/CVE-2024-34773.json index c01ba8ec8f8..17630e31976 100644 --- a/2024/34xxx/CVE-2024-34773.json +++ b/2024/34xxx/CVE-2024-34773.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/4xxx/CVE-2024-4862.json b/2024/4xxx/CVE-2024-4862.json new file mode 100644 index 00000000000..03779b3b2a1 --- /dev/null +++ b/2024/4xxx/CVE-2024-4862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/4xxx/CVE-2024-4863.json b/2024/4xxx/CVE-2024-4863.json new file mode 100644 index 00000000000..09a2db7184b --- /dev/null +++ b/2024/4xxx/CVE-2024-4863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-4863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file