admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-12 13:00:32 +00:00
parent 4608da9b16
commit 2c292e9ece
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
36 changed files with 5970 additions and 437 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2149
2020/28xxx/CVE-2020-28400.json
View File

File diff suppressed because it is too large Load Diff

413
2023/32xxx/CVE-2023-32736.json
View File

@ -1,17 +1,422 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-PLCSIM V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V17 Update 8"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V18 Update 5"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V17 Update 8"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V18 Update 5"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V17 Update 8"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V18 Update 5"
}
]
}
},
{
"product_name": "SIMATIC WinCC V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V17 Update 8"
}
]
}
},
{
"product_name": "SIMATIC WinCC V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V18 Update 5"
}
]
}
},
{
"product_name": "SIMOCODE ES V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V17 Update 8"
}
]
}
},
{
"product_name": "SIMOCODE ES V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.4 SP1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.4 SP3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.5 SP1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V17 Update 8"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V17 Update 8"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.6.0.1"
}
]
}
},
{
"product_name": "TIA Portal Cloud V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V4.6.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-871035.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-871035.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
]
}

9
2023/46xxx/CVE-2023-46280.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
}
]
},
@ -366,7 +366,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V3.3.12"
}
]
}
@ -460,6 +460,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"
}
]
},

10
2023/49xxx/CVE-2023-49069.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
}
]
},
@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V10.16.0"
}
]
}
@ -54,7 +54,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V10.12.7"
}
]
}
@ -66,7 +66,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V10.6.16"
}
]
}
@ -90,7 +90,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V9.24.29"
}
]
}

121
2024/11xxx/CVE-2024-11121.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM bis 8.6.4.3 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. Durch Manipulation des Arguments userid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8",
"product": {
"product_data": [
{
"product_name": "Lingdang CRM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.4.0"
},
{
"version_affected": "=",
"version_value": "8.6.4.1"
},
{
"version_affected": "=",
"version_value": "8.6.4.2"
},
{
"version_affected": "=",
"version_value": "8.6.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.283969",
"refsource": "MISC",
"name": "https://vuldb.com/?id.283969"
},
{
"url": "https://vuldb.com/?ctiid.283969",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.283969"
},
{
"url": "https://vuldb.com/?submit.436675",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.436675"
},
{
"url": "https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc",
"refsource": "MISC",
"name": "https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc"
}
]
},
"credits": [
{
"lang": "en",
"value": "XingYue_Mstir (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

121
2024/11xxx/CVE-2024-11122.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in \u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Lingdang CRM bis 8.6.4.3 entdeckt. Davon betroffen ist unbekannter Code der Datei /crm/wechatSession/index.php?msgid=1&operation=upload. Mittels dem Manipulieren des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload",
"cweId": "CWE-434"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "\u4e0a\u6d77\u7075\u5f53\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8",
"product": {
"product_data": [
{
"product_name": "Lingdang CRM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.6.4.0"
},
{
"version_affected": "=",
"version_value": "8.6.4.1"
},
{
"version_affected": "=",
"version_value": "8.6.4.2"
},
{
"version_affected": "=",
"version_value": "8.6.4.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.283970",
"refsource": "MISC",
"name": "https://vuldb.com/?id.283970"
},
{
"url": "https://vuldb.com/?ctiid.283970",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.283970"
},
{
"url": "https://vuldb.com/?submit.436676",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.436676"
},
{
"url": "https://wiki.shikangsi.com/post/share/8c9422c2-ecad-4471-97a2-6f8035a2ddf5",
"refsource": "MISC",
"name": "https://wiki.shikangsi.com/post/share/8c9422c2-ecad-4471-97a2-6f8035a2ddf5"
}
]
},
"credits": [
{
"lang": "en",
"value": "XingYue_Mstir (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/11xxx/CVE-2024-11136.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11136",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11137.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11137",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11138.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

65
2024/29xxx/CVE-2024-29119.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-29119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266: Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Spectrum Power 7",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V24Q3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-616032.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-616032.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

4
2024/30xxx/CVE-2024-30321.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
}
]
},
@ -54,7 +54,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V18 Update 5"
}
]
}

40
2024/33xxx/CVE-2024-33698.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Opcenter Execution Foundation",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Opcenter Quality",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Opcenter RDL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC Information Server 2022",
"version": {
@ -138,7 +174,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V18 Update 5"
}
]
}

4
2024/35xxx/CVE-2024-35783.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges."
"value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges."
}
]
},
@ -114,7 +114,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V18 Update 5"
}
]
}

77
2024/36xxx/CVE-2024-36140.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-36140",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "OZW672",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.2"
}
]
}
},
{
"product_name": "OZW772",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-230445.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-230445.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
]
}

209
2024/44xxx/CVE-2024-44102.json
View File

@ -1,17 +1,218 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-44102",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "PP TeleControl Server Basic 1000 to 5000 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "PP TeleControl Server Basic 256 to 1000 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "PP TeleControl Server Basic 32 to 64 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "PP TeleControl Server Basic 64 to 256 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "PP TeleControl Server Basic 8 to 32 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic 1000 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic 256 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic 32 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic 5000 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic 64 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic 8 V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic Serv Upgr",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic Upgr V3.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.1.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-454789.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-454789.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]
}

186
2024/46xxx/CVE-2024-46886.json
View File

@ -702,7 +702,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V3.1.4"
}
]
}
@ -726,7 +726,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V3.1.4"
}
]
}
@ -1079,6 +1079,186 @@
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1212 AC/DC/RLY",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1214 AC/DC/RLY",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1214 DC/DC/DC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1214 DC/DC/RLY",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1214FC DC/DC/DC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1214FC DC/DC/RLY",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1215C DC/DC/DC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1200 CPU 1215FC DC/DC/DC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIPLUS S7-1500 CPU 1511-1 PN",
"version": {
@ -1278,7 +1458,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V3.1.4"
}
]
}

6
2024/46xxx/CVE-2024-46887.json
View File

@ -474,7 +474,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V3.1.4"
}
]
}
@ -498,7 +498,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V3.1.4"
}
]
}
@ -918,7 +918,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V3.1.4"
}
]
}

65
2024/46xxx/CVE-2024-46888.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46888",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINEC INS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V1.0 SP2 Update 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}

65
2024/46xxx/CVE-2024-46889.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46889",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINEC INS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V1.0 SP2 Update 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

65
2024/46xxx/CVE-2024-46890.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46890",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINEC INS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V1.0 SP2 Update 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}

65
2024/46xxx/CVE-2024-46891.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46891",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINEC INS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V1.0 SP2 Update 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

65
2024/46xxx/CVE-2024-46892.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46892",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613: Insufficient Session Expiration",
"cweId": "CWE-613"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINEC INS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V1.0 SP2 Update 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
}
]
}

65
2024/46xxx/CVE-2024-46894.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-46894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the \"/api/sftp/users\" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINEC INS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V1.0 SP2 Update 3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
]
}

65
2024/47xxx/CVE-2024-47783.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders.\r\n\r\nThis could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIPORT",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.4.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064257.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064257.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

65
2024/47xxx/CVE-2024-47808.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47808",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.\r\nThis could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.0 SP1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.4,
"baseSeverity": "HIGH"
}
]
}

65
2024/47xxx/CVE-2024-47940.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2024",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

65
2024/47xxx/CVE-2024-47941.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47941",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2024",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

65
2024/47xxx/CVE-2024-47942.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47942",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element",
"cweId": "CWE-427"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2024",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
]
}

65
2024/50xxx/CVE-2024-50310.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization",
"cweId": "CWE-863"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC CP 1543-1 V4.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "V4.0.44",
"version_value": "V4.0.50"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-654798.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-654798.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}

113
2024/50xxx/CVE-2024-50313.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50313",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
"cweId": "CWE-362"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Mendix Runtime V10",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.16.0"
}
]
}
},
{
"product_name": "Mendix Runtime V10.12",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.12.7"
}
]
}
},
{
"product_name": "Mendix Runtime V10.6",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.6.15"
}
]
}
},
{
"product_name": "Mendix Runtime V8",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Mendix Runtime V9",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V9.24.29"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-914892.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-914892.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

341
2024/50xxx/CVE-2024-50557.json
View File

@ -1,17 +1,350 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) EU",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) NAM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M804PB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M812-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M816-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M826-2 SHDSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3 3G-Router (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3 (ROK)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (NAM)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (RoW)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 EEC LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

341
2024/50xxx/CVE-2024-50558.json
View File

@ -1,17 +1,350 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) EU",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) NAM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M804PB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M812-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M816-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M826-2 SHDSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3 3G-Router (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3 (ROK)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (NAM)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (RoW)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 EEC LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

341
2024/50xxx/CVE-2024-50559.json
View File

@ -1,17 +1,350 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate the filenames of the certificate. This could allow an authenticated remote attacker to append arbitrary values which will lead to compromise of integrity of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) EU",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) NAM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M804PB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M812-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M816-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M826-2 SHDSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3 3G-Router (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3 (ROK)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (NAM)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (RoW)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 EEC LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

341
2024/50xxx/CVE-2024-50560.json
View File

@ -1,17 +1,350 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50560",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) EU",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) NAM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M804PB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M812-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M816-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M826-2 SHDSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3 3G-Router (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3 (ROK)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (NAM)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (RoW)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 EEC LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW"
}
]
}

341
2024/50xxx/CVE-2024-50561.json
View File

@ -1,17 +1,350 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50561",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) EU",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) NAM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M804PB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M812-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M816-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M826-2 SHDSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3 3G-Router (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3 (ROK)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (NAM)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (RoW)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 EEC LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

341
2024/50xxx/CVE-2024-50572.json
View File

@ -1,17 +1,350 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50572",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) EU",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "RUGGEDCOM RM1224 LTE(4G) NAM",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M804PB",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M812-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M816-1 ADSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M826-2 SHDSL-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M874-3 3G-Router (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-3 (ROK)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE M876-4 (NAM)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM853-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (A1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (B1)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (CN)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (EU)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE MUM856-1 (RoW)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 EEC LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
},
{
"product_name": "SCALANCE S615 LAN-Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}