admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-05-14 11:00:33 +00:00
parent 6f634a5f90
commit 2bde95bc14
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
80 changed files with 4955 additions and 546 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
2019/19xxx/CVE-2019-19300.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions), SIMATIC S7-300 CPU 315-2 PN/DP (All versions), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317-2 PN/DP (All versions), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions), SIMATIC S7-300 CPU 319-3 PN/DP (All versions), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions), SIPLUS NET PN/PN Coupler (All versions >= V4.2), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions), SIPLUS S7-300 CPU 315-2 PN/DP (All versions), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions), SIPLUS S7-300 CPU 317-2 PN/DP (All versions), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service." "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service."
} }
] ]
}, },
@ -106,8 +106,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -117,8 +118,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -128,8 +130,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -139,8 +142,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -150,8 +154,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -161,8 +166,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V2.0" "version_name": "0",
"version_value": "V2.0"
} }
] ]
} }
@ -172,8 +178,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V2.0" "version_name": "0",
"version_value": "V2.0"
} }
] ]
} }
@ -194,8 +201,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -231,8 +239,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -242,8 +251,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -253,8 +263,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.3"
} }
] ]
} }
@ -264,8 +275,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -275,8 +287,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -418,8 +431,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -429,8 +443,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -440,8 +455,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -451,8 +467,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -462,8 +479,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -473,8 +491,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -484,8 +503,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -495,8 +515,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -506,8 +527,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -517,8 +539,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -550,8 +573,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -561,8 +585,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -572,8 +597,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -583,8 +609,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -627,8 +654,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -638,8 +666,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -660,8 +689,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -671,8 +701,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -682,8 +713,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -693,8 +725,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -704,8 +737,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -722,6 +756,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf",
"refsource": "MISC", "refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf" "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-593272.html"
} }
] ]
}, },

82
2022/24xxx/CVE-2022-24309.json
View File

@ -1,12 +1,33 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-24309",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-24309",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
@ -19,7 +40,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "All versions < V7.23.29" "version_affected": "<",
"version_name": "0",
"version_value": "V7.23.29"
} }
] ]
} }
@ -29,7 +52,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "All versions < V8.18.16" "version_affected": "<",
"version_name": "0",
"version_value": "V8.18.16"
} }
] ]
} }
@ -39,7 +64,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "All deployments with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False" "version_affected": "<",
"version_name": "0",
"version_value": "V9.13"
} }
] ]
} }
@ -50,32 +77,27 @@
] ]
} }
}, },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All deployments with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data."
}
]
},
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf" "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-148641.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-148641.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
} }
] ]
} }

134
2022/25xxx/CVE-2022-25622.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L, SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L, SIMATIC ET200ecoPN, DI 16x24VDC, M12-L, SIMATIC ET200ecoPN, DI 8x24VDC, M12-L, SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L, SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L, SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler, SIMATIC PN/PN Coupler, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210, SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS HCS4200 CIM4210, SIPLUS HCS4200 CIM4210C, SIPLUS HCS4300 CIM4310, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments." "value": "A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0), SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0), SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0), SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210 (6SL5...), SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0), SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1), SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0), SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0), SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
} }
] ]
}, },
@ -128,8 +128,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -165,8 +166,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -176,8 +178,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -187,8 +190,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.3"
} }
] ]
} }
@ -198,8 +202,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -209,8 +214,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V5.1.1" "version_name": "V5.1.1",
"version_value": "V5.1.2"
} }
] ]
} }
@ -429,8 +435,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -440,8 +447,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -451,8 +459,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -462,8 +471,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -473,8 +483,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -484,8 +495,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V6.0.10" "version_name": "0",
"version_value": "V6.0.10"
} }
] ]
} }
@ -506,8 +518,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V8.2.3" "version_name": "0",
"version_value": "V8.2.3"
} }
] ]
} }
@ -517,8 +530,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V1.1.10" "version_name": "0",
"version_value": "V1.1.10"
} }
] ]
} }
@ -528,8 +542,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V1.2.1" "version_name": "0",
"version_value": "V1.2.1"
} }
] ]
} }
@ -572,8 +587,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V4.7.14 with Ethernet interface" "version_name": "0",
"version_value": "V4.7.14"
} }
] ]
} }
@ -583,8 +599,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V4.7.14 with Ethernet interface" "version_name": "0",
"version_value": "V4.7.14"
} }
] ]
} }
@ -594,8 +611,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V4.7.14 with Ethernet interface" "version_name": "0",
"version_value": "V4.7 SP14"
} }
] ]
} }
@ -605,8 +623,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V5.2.3.13" "version_name": "0",
"version_value": "V5.2.3.13"
} }
] ]
} }
@ -616,8 +635,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V5.2.3.13" "version_name": "0",
"version_value": "V5.2.3.13"
} }
] ]
} }
@ -638,8 +658,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V5.2.3.13" "version_name": "0",
"version_value": "V5.2 SP3 HF13"
} }
] ]
} }
@ -649,19 +670,21 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V5.2.3.13" "version_name": "0",
"version_value": "V5.2.3.13"
} }
] ]
} }
}, },
{ {
"product_name": "SINAMICS S210", "product_name": "SINAMICS S210 (6SL5...)",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -803,8 +826,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -814,8 +838,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -832,6 +857,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf",
"refsource": "MISC", "refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf" "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-446448.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-446448.html"
} }
] ]
}, },

73
2022/38xxx/CVE-2022-38371.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (Versions including affected FTP server), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server." "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server."
} }
] ]
}, },
@ -84,8 +84,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V3.5.7"
} }
] ]
} }
@ -95,8 +96,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V2.8.21"
} }
] ]
} }
@ -106,8 +108,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V3.5.7"
} }
] ]
} }
@ -117,8 +120,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V2.8.21"
} }
] ]
} }
@ -128,8 +132,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V2.3" "version_name": "V2.3",
"version_value": "*"
} }
] ]
} }
@ -150,8 +155,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V2.3" "version_name": "V2.3",
"version_value": "*"
} }
] ]
} }
@ -172,8 +178,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V2.3" "version_name": "V2.3",
"version_value": "*"
} }
] ]
} }
@ -260,8 +267,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions >= V2.3" "version_name": "V2.3",
"version_value": "*"
} }
] ]
} }
@ -315,8 +323,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "Versions including affected FTP server" "version_name": "0",
"version_value": "*"
} }
] ]
} }
@ -326,8 +335,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V3.5.7"
} }
] ]
} }
@ -337,8 +347,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V3.5.7"
} }
] ]
} }
@ -351,15 +362,25 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf"
},
{ {
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf",
"refsource": "MISC", "refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf" "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf"
}, },
{ {
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf", "url": "https://cert-portal.siemens.com/productcert/html/ssa-935500.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf" "name": "https://cert-portal.siemens.com/productcert/html/ssa-935500.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-313313.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-313313.html"
} }
] ]
}, },
@ -367,7 +388,7 @@
"cvss": [ "cvss": [
{ {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5, "baseScore": 7.5,
"baseSeverity": "HIGH" "baseSeverity": "HIGH"
} }

34
2022/45xxx/CVE-2022-45044.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack." "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack."
} }
] ]
}, },
@ -304,9 +304,8 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<", "version_affected": "=",
"version_name": "0", "version_value": "All versions < V8.89"
"version_value": "*"
} }
] ]
} }
@ -327,9 +326,8 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<", "version_affected": "=",
"version_name": "0", "version_value": "All versions < V8.89"
"version_value": "*"
} }
] ]
} }
@ -396,9 +394,8 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<", "version_affected": "=",
"version_name": "0", "version_value": "All versions < V8.89"
"version_value": "*"
} }
] ]
} }
@ -737,13 +734,17 @@
"product_name": "SIPROTEC 5 Communication Module ETH-BA-2EL", "product_name": "SIPROTEC 5 Communication Module ETH-BA-2EL",
"version": { "version": {
"version_data": [ "version_data": [
{
"version_affected": "=",
"version_value": "All versions < V8.89 installed on CP100 devices"
},
{ {
"version_affected": "=", "version_affected": "=",
"version_value": "All versions < V9.50 installed on CP150 and CP300 devices" "version_value": "All versions < V9.50 installed on CP150 and CP300 devices"
}, },
{ {
"version_affected": "=", "version_affected": "=",
"version_value": "All versions installed on CP100 and CP200 devices" "version_value": "All versions installed on CP200 devices"
} }
] ]
} }
@ -752,13 +753,17 @@
"product_name": "SIPROTEC 5 Communication Module ETH-BB-2FO", "product_name": "SIPROTEC 5 Communication Module ETH-BB-2FO",
"version": { "version": {
"version_data": [ "version_data": [
{
"version_affected": "=",
"version_value": "All versions < V8.89 installed on CP100 devices"
},
{ {
"version_affected": "=", "version_affected": "=",
"version_value": "All versions < V9.50 installed on CP150 and CP300 devices" "version_value": "All versions < V9.50 installed on CP150 and CP300 devices"
}, },
{ {
"version_affected": "=", "version_affected": "=",
"version_value": "All versions installed on CP100 and CP200 devices" "version_value": "All versions installed on CP200 devices"
} }
] ]
} }
@ -768,8 +773,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions < V9.50" "version_name": "0",
"version_value": "V9.50"
} }
] ]
} }

4
2023/25xxx/CVE-2023-25910.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.\r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server." "value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.\r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server."
} }
] ]
}, },
@ -54,7 +54,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "*" "version_value": "V5.7 SP1 HF1"
} }
] ]
} }

8
2023/28xxx/CVE-2023-28766.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device." "value": "A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device."
} }
] ]
}, },
@ -198,7 +198,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "*" "version_value": "V8.89"
} }
] ]
} }
@ -222,7 +222,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "*" "version_value": "V8.89"
} }
] ]
} }
@ -270,7 +270,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "*" "version_value": "V8.89"
} }
] ]
} }

2
2023/28xxx/CVE-2023-28831.json
View File

@ -128,7 +128,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "V30.0.0", "version_name": "V30.0.0",
"version_value": "*" "version_value": "V30.1.0"
} }
] ]
} }

9
2023/46xxx/CVE-2023-46156.json
View File

@ -64,8 +64,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V30.1.0"
} }
] ]
} }
@ -939,7 +940,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "*" "version_value": "V3.1.2"
} }
] ]
} }
@ -987,7 +988,7 @@
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "*" "version_value": "V3.1.2"
} }
] ]
} }

412
2023/46xxx/CVE-2023-46280.json
View File

@ -1,17 +1,421 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-46280", "ID": "CVE-2023-46280",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "S7-PCT",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Security Configuration Tool (SCT)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC Automation Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC BATCH V9.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC PDM V9.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC Route Control V9.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC OA V3.17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC OA V3.18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.18 P025"
}
]
}
},
{
"product_name": "SIMATIC WinCC OA V3.19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.19 P010"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified PC Runtime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V8.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V19 SP1"
}
]
}
},
{
"product_name": "SINUMERIK ONE virtual",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V6.23"
}
]
}
},
{
"product_name": "SINUMERIK PLC Programming Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud Connector",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.0"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V19 Update 2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
} }
] ]
} }

13
2023/46xxx/CVE-2023-46281.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
} }
] ]
}, },
@ -71,17 +71,6 @@
] ]
} }
}, },
{
"product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{ {
"product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "product_name": "Totally Integrated Automation Portal (TIA Portal) V14",
"version": { "version": {

13
2023/46xxx/CVE-2023-46282.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
} }
] ]
}, },
@ -71,17 +71,6 @@
] ]
} }
}, },
{
"product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{ {
"product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "product_name": "Totally Integrated Automation Portal (TIA Portal) V14",
"version": { "version": {

13
2023/46xxx/CVE-2023-46283.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
} }
] ]
}, },
@ -71,17 +71,6 @@
] ]
} }
}, },
{
"product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{ {
"product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "product_name": "Totally Integrated Automation Portal (TIA Portal) V14",
"version": { "version": {

13
2023/46xxx/CVE-2023-46284.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
} }
] ]
}, },
@ -71,17 +71,6 @@
] ]
} }
}, },
{
"product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{ {
"product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "product_name": "Totally Integrated Automation Portal (TIA Portal) V14",
"version": { "version": {

13
2023/46xxx/CVE-2023-46285.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
} }
] ]
}, },
@ -71,17 +71,6 @@
] ]
} }
}, },
{
"product_name": "SINUMERIK Integrate RunMyHMI\u00a0/Automotive",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{ {
"product_name": "Totally Integrated Automation Portal (TIA Portal) V14", "product_name": "Totally Integrated Automation Portal (TIA Portal) V14",
"version": { "version": {

20
2023/49xxx/CVE-2023-49125.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge (All versions < V223.0.11). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process." "value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process."
} }
] ]
}, },
@ -72,13 +72,25 @@
} }
}, },
{ {
"product_name": "Solid Edge", "product_name": "Solid Edge SE2023",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "V223.0.11" "version_value": "V223.0 Update 11"
}
]
}
},
{
"product_name": "Solid Edge SE2024",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 3"
} }
] ]
} }
@ -107,7 +119,7 @@
"cvss": [ "cvss": [
{ {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8, "baseScore": 7.8,
"baseSeverity": "HIGH" "baseSeverity": "HIGH"
} }

7
2023/50xxx/CVE-2023-50236.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Polarion ALM (All versions). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM." "value": "A vulnerability has been identified in Polarion ALM (All versions < V2024.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM."
} }
] ]
}, },
@ -40,8 +40,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V2024.0"
} }
] ]
} }

31
2024/1xxx/CVE-2024-1023.json
View File

@ -160,6 +160,19 @@
] ]
} }
}, },
{
"product_name": "RHINT Service Registry 2.5.11 GA",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{ {
"product_name": "A-MQ Clients 2", "product_name": "A-MQ Clients 2",
"version": { "version": {
@ -316,19 +329,6 @@
] ]
} }
}, },
{
"product_name": "Red Hat Integration Service Registry",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{ {
"product_name": "Red Hat JBoss A-MQ 7", "product_name": "Red Hat JBoss A-MQ 7",
"version": { "version": {
@ -456,6 +456,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2088" "name": "https://access.redhat.com/errata/RHSA-2024:2088"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:2833",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2833"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-1023", "url": "https://access.redhat.com/security/cve/CVE-2024-1023",
"refsource": "MISC", "refsource": "MISC",

31
2024/1xxx/CVE-2024-1300.json
View File

@ -223,6 +223,19 @@
] ]
} }
}, },
{
"product_name": "RHINT Service Registry 2.5.11 GA",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{ {
"product_name": "A-MQ Clients 2", "product_name": "A-MQ Clients 2",
"version": { "version": {
@ -366,19 +379,6 @@
] ]
} }
}, },
{
"product_name": "Red Hat Integration Service Registry",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{ {
"product_name": "Red Hat JBoss A-MQ 7", "product_name": "Red Hat JBoss A-MQ 7",
"version": { "version": {
@ -511,6 +511,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2088" "name": "https://access.redhat.com/errata/RHSA-2024:2088"
}, },
{
"url": "https://access.redhat.com/errata/RHSA-2024:2833",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2024:2833"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2024-1300", "url": "https://access.redhat.com/security/cve/CVE-2024-1300",
"refsource": "MISC", "refsource": "MISC",

167
2024/22xxx/CVE-2024-22039.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.\r\nThis could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges." "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All versions < IP7 SR5), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions < V3.0.6602), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions < V3.2.6601), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.2.5015), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions < MP6 SR3), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions < MP7 SR5), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions < V3.0.6602), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions < V3.2.6601), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow.\r\nThis could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges."
} }
] ]
}, },
@ -48,19 +48,43 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN Fire Panel FC72x", "product_name": "Cerberus PRO EN Fire Panel FC72x IP6",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "IP8" "version_value": "IP6 SR3"
} }
] ]
} }
}, },
{ {
"product_name": "Cerberus PRO EN X200 Cloud Distribution", "product_name": "Cerberus PRO EN Fire Panel FC72x IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "IP7 SR5"
}
]
}
},
{
"product_name": "Cerberus PRO EN X200 Cloud Distribution IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.6602"
}
]
}
},
{
"product_name": "Cerberus PRO EN X200 Cloud Distribution IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -72,7 +96,19 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN X300 Cloud Distribution", "product_name": "Cerberus PRO EN X300 Cloud Distribution IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.2.6601"
}
]
}
},
{
"product_name": "Cerberus PRO EN X300 Cloud Distribution IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -83,6 +119,78 @@
] ]
} }
}, },
{
"product_name": "Cerberus PRO UL Compact Panel FC922/924",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Cerberus PRO UL Engineering Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Cerberus PRO UL X300 Cloud Distribution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.3.0001"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL Compact Panel FC2025/2050",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL Engineering Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL X300 Cloud Distribution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.3.0001"
}
]
}
},
{ {
"product_name": "Sinteso FS20 EN Engineering Tool", "product_name": "Sinteso FS20 EN Engineering Tool",
"version": { "version": {
@ -96,19 +204,43 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN Fire Panel FC20", "product_name": "Sinteso FS20 EN Fire Panel FC20 MP6",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<", "version_affected": "<",
"version_name": "0", "version_name": "0",
"version_value": "MP8" "version_value": "MP6 SR3"
} }
] ]
} }
}, },
{ {
"product_name": "Sinteso FS20 EN X200 Cloud Distribution", "product_name": "Sinteso FS20 EN Fire Panel FC20 MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP7 SR5"
}
]
}
},
{
"product_name": "Sinteso FS20 EN X200 Cloud Distribution MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.6602"
}
]
}
},
{
"product_name": "Sinteso FS20 EN X200 Cloud Distribution MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -120,7 +252,19 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN X300 Cloud Distribution", "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.2.6601"
}
]
}
},
{
"product_name": "Sinteso FS20 EN X300 Cloud Distribution MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -155,6 +299,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html" "name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html"
} }
] ]
}, },

187
2024/22xxx/CVE-2024-22040.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread.\r\nThis could allow an unauthenticated remote attacker to crash the network service." "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread.\r\nThis could allow an unauthenticated remote attacker to crash the network service."
} }
] ]
}, },
@ -48,7 +48,31 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN Fire Panel FC72x", "product_name": "Cerberus PRO EN Fire Panel FC72x IP6",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN Fire Panel FC72x IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN Fire Panel FC72x IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -60,7 +84,19 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN X200 Cloud Distribution", "product_name": "Cerberus PRO EN X200 Cloud Distribution IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN X200 Cloud Distribution IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -72,7 +108,19 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN X300 Cloud Distribution", "product_name": "Cerberus PRO EN X300 Cloud Distribution IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN X300 Cloud Distribution IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -83,6 +131,78 @@
] ]
} }
}, },
{
"product_name": "Cerberus PRO UL Compact Panel FC922/924",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Cerberus PRO UL Engineering Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Cerberus PRO UL X300 Cloud Distribution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.3.0001"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL Compact Panel FC2025/2050",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL Engineering Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL X300 Cloud Distribution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.3.0001"
}
]
}
},
{ {
"product_name": "Sinteso FS20 EN Engineering Tool", "product_name": "Sinteso FS20 EN Engineering Tool",
"version": { "version": {
@ -96,7 +216,31 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN Fire Panel FC20", "product_name": "Sinteso FS20 EN Fire Panel FC20 MP6",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN Fire Panel FC20 MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN Fire Panel FC20 MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -108,7 +252,19 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN X200 Cloud Distribution", "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN X200 Cloud Distribution MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -120,7 +276,19 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN X300 Cloud Distribution", "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN X300 Cloud Distribution MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -155,6 +323,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html" "name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html"
} }
] ]
}, },

187
2024/22xxx/CVE-2024-22041.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates.\r\nThis could allow an unauthenticated remote attacker to crash the network service." "value": "A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates.\r\nThis could allow an unauthenticated remote attacker to crash the network service."
} }
] ]
}, },
@ -48,7 +48,31 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN Fire Panel FC72x", "product_name": "Cerberus PRO EN Fire Panel FC72x IP6",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN Fire Panel FC72x IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN Fire Panel FC72x IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -60,7 +84,19 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN X200 Cloud Distribution", "product_name": "Cerberus PRO EN X200 Cloud Distribution IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN X200 Cloud Distribution IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -72,7 +108,19 @@
} }
}, },
{ {
"product_name": "Cerberus PRO EN X300 Cloud Distribution", "product_name": "Cerberus PRO EN X300 Cloud Distribution IP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Cerberus PRO EN X300 Cloud Distribution IP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -83,6 +131,78 @@
] ]
} }
}, },
{
"product_name": "Cerberus PRO UL Compact Panel FC922/924",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Cerberus PRO UL Engineering Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Cerberus PRO UL X300 Cloud Distribution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.3.0001"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL Compact Panel FC2025/2050",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL Engineering Tool",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "MP4"
}
]
}
},
{
"product_name": "Desigo Fire Safety UL X300 Cloud Distribution",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.3.0001"
}
]
}
},
{ {
"product_name": "Sinteso FS20 EN Engineering Tool", "product_name": "Sinteso FS20 EN Engineering Tool",
"version": { "version": {
@ -96,7 +216,31 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN Fire Panel FC20", "product_name": "Sinteso FS20 EN Fire Panel FC20 MP6",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN Fire Panel FC20 MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN Fire Panel FC20 MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -108,7 +252,19 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN X200 Cloud Distribution", "product_name": "Sinteso FS20 EN X200 Cloud Distribution MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN X200 Cloud Distribution MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -120,7 +276,19 @@
} }
}, },
{ {
"product_name": "Sinteso FS20 EN X300 Cloud Distribution", "product_name": "Sinteso FS20 EN X300 Cloud Distribution MP7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Sinteso FS20 EN X300 Cloud Distribution MP8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
@ -155,6 +323,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html", "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html",
"refsource": "MISC", "refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html" "name": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-953710.html"
} }
] ]
}, },

7
2024/23xxx/CVE-2024-23813.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code." "value": "A vulnerability has been identified in Polarion ALM (All versions < V2024.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code."
} }
] ]
}, },
@ -40,8 +40,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "=", "version_affected": "<",
"version_value": "All versions" "version_name": "0",
"version_value": "V2024.0"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27939.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27939", "ID": "CVE-2024-27939",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27940.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27940", "ID": "CVE-2024-27940",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27941.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27941", "ID": "CVE-2024-27941",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27942.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27942", "ID": "CVE-2024-27942",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could use this vulnerability to prevent any user to perform actions in the system, causing a denial of service situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27943.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27943", "ID": "CVE-2024-27943",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73: External Control of File Name or Path",
"cweId": "CWE-73"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.2,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27944.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27944", "ID": "CVE-2024-27944",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73: External Control of File Name or Path",
"cweId": "CWE-73"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.2,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27945.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27945", "ID": "CVE-2024-27945",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73: External Control of File Name or Path",
"cweId": "CWE-73"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.2,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27946.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27946", "ID": "CVE-2024-27946",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the \r\ninstallation directory of the affected systems. The filename for \r\nthe target file can be specified, thus arbitrary files can be \r\noverwritten by an attacker with the required privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/27xxx/CVE-2024-27947.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-27947", "ID": "CVE-2024-27947",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM CROSSBOW",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-916916.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/30xxx/CVE-2024-30206.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30206", "ID": "CVE-2024-30206",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Clients do not properly check the integrity of update files. This could allow an unauthenticated remote attacker to alter update files in transit and trick an authorized user into installing malicious code. \r\nA successful exploit requires the attacker to be able to modify the communication between server and client on the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494: Download of Code Without Integrity Check",
"cweId": "CWE-494"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/30xxx/CVE-2024-30207.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30207", "ID": "CVE-2024-30207",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected systems use symmetric cryptography with a hard-coded key to protect the communication between client and server. This could allow an unauthenticated remote attacker to compromise confidentiality and integrity of the communication and, subsequently, availability of the system.\r\nA successful exploit requires the attacker to gain knowledge of the hard-coded key and to be able to intercept the communication between client and server on the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 10,
"baseSeverity": "CRITICAL"
} }
] ]
} }

65
2024/30xxx/CVE-2024-30208.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30208", "ID": "CVE-2024-30208",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The \"DBTest\" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/30xxx/CVE-2024-30209.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-30209", "ID": "CVE-2024-30209",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
} }
] ]
} }

77
2024/31xxx/CVE-2024-31484.json
View File

@ -1,17 +1,86 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-31484", "ID": "CVE-2024-31484",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30). The affected device firmwares contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170: Improper Null Termination",
"cweId": "CWE-170"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "CPC80 Central Processing/Communication",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V16.41"
}
]
}
},
{
"product_name": "CPCI85 Central Processing/Communication",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.30"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

77
2024/31xxx/CVE-2024-31485.json
View File

@ -1,17 +1,86 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-31485", "ID": "CVE-2024-31485",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "CPCI85 Central Processing/Communication",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.30"
}
]
}
},
{
"product_name": "SICORE Base system",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V1.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/31xxx/CVE-2024-31486.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-31486", "ID": "CVE-2024-31486",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices stores MQTT client passwords without sufficient protection on the devices. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "OPUPI0 AMQP/MQTT",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.30"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-871704.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

89
2024/31xxx/CVE-2024-31980.json
View File

@ -1,17 +1,98 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-31980", "ID": "CVE-2024-31980",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Parasolid V35.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V35.1.256"
}
]
}
},
{
"product_name": "Parasolid V36.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.0.210"
}
]
}
},
{
"product_name": "Parasolid V36.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.1.185"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-489698.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-489698.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32055.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32055", "ID": "CVE-2024-32055",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32057.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32057", "ID": "CVE-2024-32057",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32058.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32058", "ID": "CVE-2024-32058",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32059.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32059", "ID": "CVE-2024-32059",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32060.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32060", "ID": "CVE-2024-32060",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32061.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32061", "ID": "CVE-2024-32061",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32062.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32062", "ID": "CVE-2024-32062",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32063.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32063", "ID": "CVE-2024-32063",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32064.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32064", "ID": "CVE-2024-32064",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32065.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32065", "ID": "CVE-2024-32065",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32066.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32066", "ID": "CVE-2024-32066",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PS/IGES Parasolid Translator Component",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V27.1.215"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

78
2024/32xxx/CVE-2024-32077.json
View File

@ -1,18 +1,86 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32077", "ID": "CVE-2024-32077",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@apache.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.\u00a0\nUsers are recommended to upgrade to version 2.9.1, which fixes this issue.\n"
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.9.0",
"version_value": "2.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/airflow/pull/38882",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/38882"
},
{
"url": "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Ming"
},
{
"lang": "en",
"value": "Jens Scheffler"
}
]
} }

89
2024/32xxx/CVE-2024-32635.json
View File

@ -1,17 +1,98 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32635", "ID": "CVE-2024-32635",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Parasolid V35.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V35.1.256"
}
]
}
},
{
"product_name": "Parasolid V36.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.0.208"
}
]
}
},
{
"product_name": "Parasolid V36.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.1.173"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

89
2024/32xxx/CVE-2024-32636.json
View File

@ -1,17 +1,98 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32636", "ID": "CVE-2024-32636",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Parasolid V35.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V35.1.256"
}
]
}
},
{
"product_name": "Parasolid V36.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.0.208"
}
]
}
},
{
"product_name": "Parasolid V36.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.1.173"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

89
2024/32xxx/CVE-2024-32637.json
View File

@ -1,17 +1,98 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32637", "ID": "CVE-2024-32637",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Parasolid V35.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V35.1.256"
}
]
}
},
{
"product_name": "Parasolid V36.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.0.208"
}
]
}
},
{
"product_name": "Parasolid V36.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.1.173"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseScore": 3.3,
"baseSeverity": "LOW"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32639.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32639", "ID": "CVE-2024-32639",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2302.0011"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-923361.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-923361.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32740.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32740", "ID": "CVE-2024-32740",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the device\r\nlocally or over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC CN 4100",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32741.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32741", "ID": "CVE-2024-32741",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack the password hash gains root access to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259: Use of Hard-coded Password",
"cweId": "CWE-259"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC CN 4100",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 10,
"baseSeverity": "CRITICAL"
} }
] ]
} }

65
2024/32xxx/CVE-2024-32742.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-32742", "ID": "CVE-2024-32742",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could potentially misuse the port for booting another operating system and gain complete read/write access to the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1326: Missing Immutable Root of Trust in Hardware",
"cweId": "CWE-1326"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC CN 4100",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-273900.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.6,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33489.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33489", "ID": "CVE-2024-33489",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33490.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33490", "ID": "CVE-2024-33490",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33491.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33491", "ID": "CVE-2024-33491",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33492.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33492", "ID": "CVE-2024-33492",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33493.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33493", "ID": "CVE-2024-33493",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33494.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33494", "ID": "CVE-2024-33494",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected components do not properly authenticate heartbeat messages. This could allow an unauthenticated remote attacker to affected the availability of secondary RTLS systems configured using a TeeRevProxy service and potentially cause loss of data generated during the time the attack is ongoing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33495.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33495", "ID": "CVE-2024-33495",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application does not properly limit the size of specific logs. This could allow an unauthenticated remote attacker to exhaust system resources by creating a great number of log entries which could potentially lead to a denial of service condition. A successful exploitation requires the attacker to have access to specific SIMATIC RTLS Locating Manager Clients in the deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33496.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33496", "ID": "CVE-2024-33496",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33497.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33497", "ID": "CVE-2024-33497",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected SIMATIC RTLS Locating Manager Track Viewer Client do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33498.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33498", "ID": "CVE-2024-33498",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected applications do not properly release memory that is allocated when handling specifically crafted incoming packets. This could allow an unauthenticated remote attacker to cause a denial of service condition by crashing the service when it runs out of memory. The service is restarted automatically after a short time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33499.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33499", "ID": "CVE-2024-33499",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The affected application assigns incorrect permissions to a user management component. This could allow a privileged attacker to escalate their privileges from the Administrators group to the Systemadministrator group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
} }
] ]
} }

89
2024/33xxx/CVE-2024-33577.json
View File

@ -1,17 +1,98 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33577", "ID": "CVE-2024-33577",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.90). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Simcenter Nastran 2306",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Simcenter Nastran 2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Simcenter Nastran 2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.90"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33583.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33583", "ID": "CVE-2024-33583",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-912: Hidden Functionality",
"cweId": "CWE-912"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC RTLS Locating Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 3.3,
"baseSeverity": "LOW"
} }
] ]
} }

65
2024/33xxx/CVE-2024-33647.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-33647", "ID": "CVE-2024-33647",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Polarion ALM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2404.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-925850.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-925850.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
} }
] ]
} }

113
2024/34xxx/CVE-2024-34085.json
View File

@ -1,17 +1,122 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-34085", "ID": "CVE-2024-34085",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain a stack overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0001"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.1.0.13"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.10"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.7"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0001"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

113
2024/34xxx/CVE-2024-34086.json
View File

@ -1,17 +1,122 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-34086", "ID": "CVE-2024-34086",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file.\r\nThis could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0001"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.1.0.13"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.10"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.7"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0001"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-661579.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/34xxx/CVE-2024-34771.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-34771", "ID": "CVE-2024-34771",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/34xxx/CVE-2024-34772.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-34772", "ID": "CVE-2024-34772",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

65
2024/34xxx/CVE-2024-34773.json
View File

@ -1,17 +1,74 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-34773", "ID": "CVE-2024-34773",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productcert@siemens.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-589937.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
} }
] ]
} }

18
2024/4xxx/CVE-2024-4862.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/4xxx/CVE-2024-4863.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}