admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#5021

Browse Source 
Auto-merge PR#5021
This commit is contained in:
CVE Team 2020-10-13 11:30:25 -04:00 committed by GitHub
commit 2fdb54a2dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 100 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
2020/15xxx/CVE-2020-15797.json
View File

@ -1,18 +1,61 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15797",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15797",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "DCA Vantage Analyzer",
"version": {
"version_data": [
{
"version_value": "All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (\u201ckiosk mode\u201d)\nand access the underlying operating system. Successful exploitation requires direct physical access to the system. \n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.siemens-healthineers.com/support-documentation/security-advisory"
}
]
}
}
}

57
2020/7xxx/CVE-2020-7590.json
View File

@ -1,18 +1,61 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-7590",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-7590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "DCA Vantage Analyzer",
"version": {
"version_data": [
{
"version_value": "All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259: Use of Hard-coded Password"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Affected devices use a hard-coded password to protect the onboard database. This could allow an\nattacker to read and or modify the onboard database. Successful exploitation requires direct physical\naccess to the device.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.siemens-healthineers.com/support-documentation/security-advisory"
}
]
}
}
}