Auto-merge PR#8580

Auto-merge PR#8580
CVE Team 2023-02-02 19:50:30 -05:00 committed by GitHub
commit 2fdb341830
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 60 additions and 124 deletions


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ASSIGNER": "cybersecurity@se.com",
"ID": "CVE-2022-2988",
"STATE": "PUBLIC"
},
@ -15,21 +15,21 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "V",
"version_value": "2.1.0"
"version_affected": "<",
"version_name": "All",
"version_value": "V2.1.0"
}
]
}
},
{
"product_name": "EcoStruxureTM Machine Expert \u2013 HVAC",
"product_name": "EcoStruxure Machine Expert HVAC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "V",
"version_value": "1.4.0"
"version_affected": "<",
"version_name": "All",
"version_value": "V1.4.0"
}
]
}
@ -48,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC(V2.1.0 and prior), EcoStruxure Machine Expert \u2013 HVAC(V1.4.0 and prior)."
"value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert HVAC (Versions prior to V1.4.0)"
}
]
},
@ -62,12 +62,12 @@
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
@ -86,9 +86,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-01_EcoStruxure_Machine_Expert_Machine_HVAC_Security_Notification.pdf",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-01_EcoStruxure_Machine_Expert_Machine_HVAC_Security_Notification.pdf"
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-01_EcoStruxure_Machine_Expert_Machine_HVAC_Security_Notification.pdf"
}
]
},
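Review bot: The CVSS block and the description disagree in this record: reading the second line of each printed pair as the new side, the impact fields become `"confidentialityImpact": "NONE"` and `"integrityImpact": "LOW"` with vector `C:N/I:L`, while the `description_data` value on both sides still says the flaw "could cause sensitive information leakage", which is a confidentiality impact. One of the two should be corrected against SEVD-2023-010-01 before consumers triage on it; if the notice scores confidentiality, the vector should stay `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N`. Separately, the range operator moves from `<=` to `<` with `"version_value": "V2.1.0"` and `"V1.4.0"`, which drops those two releases themselves from the affected set, so that boundary is worth confirming against the same notice.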


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ASSIGNER": "cybersecurity@se.com",
"ID": "CVE-2022-45788",
"STATE": "PUBLIC"
},
@ -11,25 +11,24 @@
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert ",
"product_name": "EcoStruxure Control Expert ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
},
{
"product_name": "EcoStruxure Process Expert",
"product_name": "EcoStruxure Process Expert",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "V",
"version_value": "2020"
"version_affected": "<",
"version_name": "All",
"version_value": "V2020"
}
]
}
@ -40,20 +39,18 @@
"version_data": [
{
"version_affected": "=",
"version_name": "All ",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
},
{
"product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
"product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All ",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
@ -64,8 +61,7 @@
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
@ -76,8 +72,7 @@
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
@ -88,8 +83,7 @@
"version_data": [
{
"version_affected": "=",
"version_name": "All ",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
@ -100,8 +94,7 @@
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
@ -120,7 +113,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure\u2122 Control Expert (All Versions), EcoStruxure\u2122 Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum Unity M1E Processor (171CBU*) (All Versions), Modicon MC80 (BMKC80) (All Versions), Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) (All Versions)"
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)"
}
]
},
@ -158,9 +151,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
}
]
},
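Review bot: Product names in `product_data` carry trailing whitespace on what appears to be the new side: `"EcoStruxure Control Expert "` still ends in a space and `"Modicon M580 CPU (part numbers BMEP* and BMEH*) "` looks to gain one, so asset inventories or scanners that match `product_name` exactly will miss these entries; trim them, e.g. `"product_name": "EcoStruxure Control Expert"`. The entries that pair `"version_affected": "="` with `"version_value": "All Versions"` have a related problem for machine consumers, because an equality test against a free-text label matches no real version string. The Process Expert range also changes from `<=` to `<` with `"V2020"`, which removes V2020 itself from the affected set and should be confirmed against SEVD-2023-010-05. The same points apply to the CVE-2022-45789 record that follows.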


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ASSIGNER": "cybersecurity@se.com",
"ID": "CVE-2022-45789",
"STATE": "PUBLIC"
},
@ -11,25 +11,24 @@
"product": {
"product_data": [
{
"product_name": "EcoStruxure Control Expert ",
"product_name": "EcoStruxure Control Expert ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
},
{
"product_name": "EcoStruxure Process Expert",
"product_name": "EcoStruxure Process Expert",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "V",
"version_value": "2020"
"version_affected": "<",
"version_name": "All",
"version_value": "V2020"
}
]
}
@ -40,20 +39,18 @@
"version_data": [
{
"version_affected": "=",
"version_name": "All ",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
},
{
"product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*)",
"product_name": "Modicon M580 CPU (part numbers BMEP* and BMEH*) ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All ",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
@ -64,8 +61,7 @@
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions"
"version_value": "All Versions"
}
]
}
@ -84,7 +80,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure\u2122 Control Expert (All Versions), EcoStruxure\u2122 Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions)"
"value": "A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)"
}
]
},
@ -113,7 +109,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-294 Authentication Bypass by Capture-replay"
"value": "CWE-294: Authentication Bypass by Capture-Replay"
}
]
}
@ -122,9 +118,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf",
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"
}
]
},


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ASSIGNER": "cybersecurity@se.com",
"ID": "CVE-2023-22610",
"STATE": "PUBLIC"
},
@ -11,37 +11,13 @@
"product": {
"product_data": [
{
"product_name": "EcoStruxure Geo SCADA Expert 2019",
"product_name": "EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_affected": "<",
"version_name": "All",
"version_value": "Versions prior to October 2022 "
}
]
}
},
{
"product_name": "EcoStruxure Geo SCADA Expert 2020",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions prior to October 2022 "
}
]
}
},
{
"product_name": "EcoStruxure Geo SCADA Expert 2021",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All ",
"version_value": "Versions prior to October 2022 "
"version_value": "October 2022"
}
]
}
@ -60,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure\u2122 Geo SCADA Expert 2019, EcoStruxure\u2122 Geo SCADA Expert 2020, EcoStruxure\u2122 Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions)."
"value": "A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)"
}
]
},
@ -98,9 +74,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2023-010-02/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2023-010-02/"
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
}
]
},
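Review bot: The merged product entry pairs `"version_affected": "<"` with `"version_value": "October 2022"` (reading the later line of each printed pair as the new side), and a release-date label has no defined ordering against product version numbers, so automated matching cannot decide whether a given Geo SCADA build is affected; a build or version identifier taken from SEVD-2023-010-02 would be needed here. Folding the 2019, 2020 and 2021 products into one `product_name` with a "formerly known as ClearSCADA" parenthetical also means the name no longer equals any single product string. The earlier description's "ClearSCADA (All Versions)" is now covered only by that parenthetical under the "prior to October 2022" bound, so confirm that legacy ClearSCADA installs are not left reading as fixed. The CVE-2023-22611 record that follows has the same shape.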


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ASSIGNER": "cybersecurity@se.com",
"ID": "CVE-2023-22611",
"STATE": "PUBLIC"
},
@ -11,37 +11,13 @@
"product": {
"product_data": [
{
"product_name": "EcoStruxure Geo SCADA Expert 2019",
"product_name": "EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_affected": "<",
"version_name": "All",
"version_value": "Versions prior to October 2022 "
}
]
}
},
{
"product_name": "EcoStruxure Geo SCADA Expert 2020",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "Versions prior to October 2022 "
}
]
}
},
{
"product_name": "EcoStruxure Geo SCADA Expert 2021",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All ",
"version_value": "Versions prior to October 2022 "
"version_value": "October 2022"
}
]
}
@ -60,7 +36,7 @@
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure\u2122 Geo SCADA Expert 2019, EcoStruxure\u2122 Geo SCADA Expert 2020, EcoStruxure\u2122 Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions)."
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)"
}
]
},
@ -98,9 +74,8 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2023-010-02/",
"name": "https://www.se.com/ww/en/download/document/SEVD-2023-010-02/"
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"
}
]
},