From 322eb2099266603ed1252060acc2bb6a67ab3a54 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 12 Jan 2021 21:02:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/10xxx/CVE-2019-10934.json | 2 +-
 2019/10xxx/CVE-2019-10936.json | 2 +-
 2019/13xxx/CVE-2019-13939.json | 2 +-
 2019/19xxx/CVE-2019-19282.json | 2 +-
 2020/15xxx/CVE-2020-15799.json | 7 ++--
 2020/15xxx/CVE-2020-15800.json | 7 ++--
 2020/25xxx/CVE-2020-25226.json | 7 ++--
 2020/26xxx/CVE-2020-26980.json | 7 ++--
 2020/26xxx/CVE-2020-26981.json | 7 ++--
 2020/26xxx/CVE-2020-26982.json | 7 ++--
 2020/26xxx/CVE-2020-26983.json | 7 ++--
 2020/26xxx/CVE-2020-26984.json | 7 ++--
 2020/26xxx/CVE-2020-26985.json | 7 ++--
 2020/26xxx/CVE-2020-26986.json | 7 ++--
 2020/26xxx/CVE-2020-26987.json | 7 ++--
 2020/26xxx/CVE-2020-26988.json | 7 ++--
 2020/26xxx/CVE-2020-26989.json | 12 ++++---
 2020/26xxx/CVE-2020-26990.json | 7 ++--
 2020/26xxx/CVE-2020-26991.json | 7 ++--
 2020/26xxx/CVE-2020-26992.json | 7 ++--
 2020/26xxx/CVE-2020-26993.json | 7 ++--
 2020/26xxx/CVE-2020-26994.json | 7 ++--
 2020/26xxx/CVE-2020-26995.json | 7 ++--
 2020/26xxx/CVE-2020-26996.json | 7 ++--
 2020/28xxx/CVE-2020-28381.json | 7 ++--
 2020/28xxx/CVE-2020-28382.json | 7 ++--
 2020/28xxx/CVE-2020-28383.json | 12 ++++---
 2020/28xxx/CVE-2020-28384.json | 7 ++--
 2020/28xxx/CVE-2020-28386.json | 7 ++--
 2020/28xxx/CVE-2020-28390.json | 7 ++--
 2020/28xxx/CVE-2020-28391.json | 7 ++--
 2020/28xxx/CVE-2020-28395.json | 7 ++--
 2020/7xxx/CVE-2020-7576.json | 2 +-
 2020/8xxx/CVE-2020-8842.json | 58 ++++------------------------------
 34 files changed, 130 insertions(+), 144 deletions(-)
diff --git a/2019/10xxx/CVE-2019-10934.json b/2019/10xxx/CVE-2019-10934.json
index a9e4742b00f..fd3157abd51 100644
--- a/2019/10xxx/CVE-2019-10934.json
+++ b/2019/10xxx/CVE-2019-10934.json
@@ -66,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in TIA Portal V14 (All versions < V14 SP1 Update 10), TIA Portal V15 (All versions < V15 SP1 Update 4), TIA Portal V16 (All versions < V16 Update 1). Changing the contents of a configuration file could allow an attacker to\nexecute arbitrary code with SYSTEM privileges.\n\nThe security vulnerability could be exploited by an attacker with a valid\naccount and limited access rights on the system. No user interaction is\nrequired.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
+ "value": "A vulnerability has been identified in TIA Portal V14 (All versions < V14 SP1 Update 10), TIA Portal V15 (All versions < V15 SP1 Update 4), TIA Portal V16 (All versions < V16 Update 1). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 },
diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json
index 34f2952e121..4bcaa84ea25 100644
--- a/2019/10xxx/CVE-2019-10936.json
+++ b/2019/10xxx/CVE-2019-10936.json
@@ -556,7 +556,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0), SIMATIC ET200pro, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. 
SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a denial-of-service condition. The vulnerability can be triggered\nif a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n" + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. 
SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200ecoPN (except 6ES7141-6BG00-0BB0, 6ES7141-6BH00-0BB0, 6ES7142-6BG00-0BB0, 6ES7142-6BR00-0BB0, 6S7143-6BH00-0BB0, 6ES7146-6FF00-0AB0, 6ES7148-6JD00-0AB0 and 6ES7148-6JG00-0BB0), SIMATIC ET200pro, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. 
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/13xxx/CVE-2019-13939.json b/2019/13xxx/CVE-2019-13939.json index 8aa56209109..b83ef6c19f6 100644 --- a/2019/13xxx/CVE-2019-13939.json +++ b/2019/13xxx/CVE-2019-13939.json 
@@ -166,7 +166,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions >= V3.0), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC (Power PC) (All versions >= V2.3x and < V6.00.327), Desigo PXM20 (Power PC) (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions <= V0.3.0.95), TALON TC Series (BACnet) (All versions >= V3.0), VSTAR (All versions). \nBy sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.\n\nThe vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. \n" + "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions >= V3.0), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC (Power PC) (All versions >= V2.3x and < V6.00.327), Desigo PXM20 (Power PC) (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions <= V0.3.0.95), TALON TC Series (BACnet) (All versions >= V3.0), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. 
The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack." } ] }, diff --git a/2019/19xxx/CVE-2019-19282.json b/2019/19xxx/CVE-2019-19282.json index e1dc64b23af..87db4489af6 100644 --- a/2019/19xxx/CVE-2019-19282.json +++ b/2019/19xxx/CVE-2019-19282.json 
@@ -236,7 +236,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). 
Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction.\n" + "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction." } ] }, diff --git a/2020/15xxx/CVE-2020-15799.json b/2020/15xxx/CVE-2020-15799.json index 85d00001e3f..21adf0b6328 100644 --- a/2020/15xxx/CVE-2020-15799.json +++ b/2020/15xxx/CVE-2020-15799.json 
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special urls from integrated web server of the affected products."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15800.json b/2020/15xxx/CVE-2020-15800.json
index 0bf84850ac4..7fa2d7e129e 100644
--- a/2020/15xxx/CVE-2020-15800.json
+++ b/2020/15xxx/CVE-2020-15800.json
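Review bot: Relabelling the cert-portal.siemens.com advisory from `"refsource": "CONFIRM"` to `"refsource": "MISC"` in the `reference_data` entry drops the only marker in this record that the link is (presumably) the vendor's own confirmation, so tooling that filters references on `CONFIRM` to locate the vendor statement or fix information would stop matching it. The added `"name"` repeats the URL verbatim and carries no identifier of its own; a name built from the advisory id visible in the URL, for example `"name": "SSA-139628"`, would keep the reference searchable. The same relabelling appears in every following 2020 hunk visible in this patch (CVE-2020-15800, CVE-2020-25226 and CVE-2020-26980 through CVE-2020-26991).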
@@ -66,15 +66,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition.\nAn attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25226.json b/2020/25xxx/CVE-2020-25226.json
index 3a137a1e918..d4b56dc0f9a 100644
--- a/2020/25xxx/CVE-2020-25226.json
+++ b/2020/25xxx/CVE-2020-25226.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition.\nAn attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26980.json b/2020/26xxx/CVE-2020-26980.json
index 423dd798c6c..81eb3153e64 100644
--- a/2020/26xxx/CVE-2020-26980.json
+++ b/2020/26xxx/CVE-2020-26980.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26981.json b/2020/26xxx/CVE-2020-26981.json
index 41884f34b92..4124c38b52e 100644
--- a/2020/26xxx/CVE-2020-26981.json
+++ b/2020/26xxx/CVE-2020-26981.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26982.json b/2020/26xxx/CVE-2020-26982.json
index 4f3add794de..2e85b9be5a7 100644
--- a/2020/26xxx/CVE-2020-26982.json
+++ b/2020/26xxx/CVE-2020-26982.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26983.json b/2020/26xxx/CVE-2020-26983.json
index 90f89931c14..b50e4c1fd1e 100644
--- a/2020/26xxx/CVE-2020-26983.json
+++ b/2020/26xxx/CVE-2020-26983.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26984.json b/2020/26xxx/CVE-2020-26984.json
index d81d8bf8d1a..a15deb34871 100644
--- a/2020/26xxx/CVE-2020-26984.json
+++ b/2020/26xxx/CVE-2020-26984.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26985.json b/2020/26xxx/CVE-2020-26985.json
index fe9b07430ea..a93da08cac4 100644
--- a/2020/26xxx/CVE-2020-26985.json
+++ b/2020/26xxx/CVE-2020-26985.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26986.json b/2020/26xxx/CVE-2020-26986.json
index 848c34ac8d0..93d6934e9c4 100644
--- a/2020/26xxx/CVE-2020-26986.json
+++ b/2020/26xxx/CVE-2020-26986.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26987.json b/2020/26xxx/CVE-2020-26987.json
index e4c366b3ea7..889a66f3d86 100644
--- a/2020/26xxx/CVE-2020-26987.json
+++ b/2020/26xxx/CVE-2020-26987.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26988.json b/2020/26xxx/CVE-2020-26988.json
index c6b866f11af..c7859b45dfe 100644
--- a/2020/26xxx/CVE-2020-26988.json
+++ b/2020/26xxx/CVE-2020-26988.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26989.json b/2020/26xxx/CVE-2020-26989.json
index a05815c0b32..94e499e981a 100644
--- a/2020/26xxx/CVE-2020-26989.json
+++ b/2020/26xxx/CVE-2020-26989.json
@@ -86,19 +86,21 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Solid Edge (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Solid Edge (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26990.json b/2020/26xxx/CVE-2020-26990.json
index 42971c87715..480044fcf63 100644
--- a/2020/26xxx/CVE-2020-26990.json
+++ b/2020/26xxx/CVE-2020-26990.json
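Review bot: The affected-product text on the new `value` line writes the same release two ways, `All Versions < V13.1.0` and `V 13.1.0` (with a space), for both JT2Go and Teamcenter Visualization, which leaves a reader guessing whether the two entries are meant as one "up to and including V13.1.0" range and makes the string awkward to match against an asset inventory. The record cites two advisories (ssa-622830 and ssa-979834) but the description does not say which product entries each one covers; that mapping may be in the `affects` block, which is outside this hunk. A single consistently formatted range per product, or a short clause naming the advisory that applies to the `V 13.1.0` entries, would let the description stand on its own. The same `V 13.1.0` wording appears in the CVE-2020-26990 and CVE-2020-26991 hunks.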
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26991.json b/2020/26xxx/CVE-2020-26991.json
index 53bb204a76b..cae1c7fe19f 100644
--- a/2020/26xxx/CVE-2020-26991.json
+++ b/2020/26xxx/CVE-2020-26991.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26992.json b/2020/26xxx/CVE-2020-26992.json
index 0ec4d6b53e7..74647f414d1 100644
--- a/2020/26xxx/CVE-2020-26992.json
+++ b/2020/26xxx/CVE-2020-26992.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26993.json b/2020/26xxx/CVE-2020-26993.json
index 7018f1e30ed..c1b968b2317 100644
--- a/2020/26xxx/CVE-2020-26993.json
+++ b/2020/26xxx/CVE-2020-26993.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26994.json b/2020/26xxx/CVE-2020-26994.json
index fa7b790db1c..16bac6f2a26 100644
--- a/2020/26xxx/CVE-2020-26994.json
+++ b/2020/26xxx/CVE-2020-26994.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26995.json b/2020/26xxx/CVE-2020-26995.json
index e26b0b6d4ee..2bb8d677438 100644
--- a/2020/26xxx/CVE-2020-26995.json
+++ b/2020/26xxx/CVE-2020-26995.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/26xxx/CVE-2020-26996.json b/2020/26xxx/CVE-2020-26996.json
index 93f292785fe..cb1c9d3892c 100644
--- a/2020/26xxx/CVE-2020-26996.json
+++ b/2020/26xxx/CVE-2020-26996.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28381.json b/2020/28xxx/CVE-2020-28381.json
index f6d9d50893e..9e3e87ba863 100644
--- a/2020/28xxx/CVE-2020-28381.json
+++ b/2020/28xxx/CVE-2020-28381.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28382.json b/2020/28xxx/CVE-2020-28382.json
index 7705b8bbf52..dd0edf8e748 100644
--- a/2020/28xxx/CVE-2020-28382.json
+++ b/2020/28xxx/CVE-2020-28382.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28383.json b/2020/28xxx/CVE-2020-28383.json
index d68ac90a39d..190aae9de20 100644
--- a/2020/28xxx/CVE-2020-28383.json
+++ b/2020/28xxx/CVE-2020-28383.json
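Review bot: The rewritten description in the CVE-2020-28382.json hunk still carries the article error from the old side, `This could result in a out of bounds write`. Since the `value` line is being replaced anyway, it could read `This could result in an out of bounds write past the end of an allocated structure.`, which also matches the wording used for the sibling records on this page.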
@@ -66,19 +66,21 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Solid Edge (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Solid Edge (All Versions < SE2021MP2), Teamcenter Visualization (All Versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28384.json b/2020/28xxx/CVE-2020-28384.json
index ad49d34f258..14ea715712b 100644
--- a/2020/28xxx/CVE-2020-28384.json
+++ b/2020/28xxx/CVE-2020-28384.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28386.json b/2020/28xxx/CVE-2020-28386.json
index 1e9fdc56c76..8fcdc303957 100644
--- a/2020/28xxx/CVE-2020-28386.json
+++ b/2020/28xxx/CVE-2020-28386.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.\n"
+ "value": "A vulnerability has been identified in Solid Edge (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28390.json b/2020/28xxx/CVE-2020-28390.json
index 712adf8ff14..91aa287f873 100644
--- a/2020/28xxx/CVE-2020-28390.json
+++ b/2020/28xxx/CVE-2020-28390.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions.\n\nA local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.\n"
+ "value": "A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28391.json b/2020/28xxx/CVE-2020-28391.json
index a3360452fbf..79b7c86eabe 100644
--- a/2020/28xxx/CVE-2020-28391.json
+++ b/2020/28xxx/CVE-2020-28391.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). Devices create a new unique key upon factory reset, except when used\nwith C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key\nshipped with the firmware-image. An attacker could leverage this situation to a\nman-in-the-middle situation and decrypt previously captured traffic.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28395.json b/2020/28xxx/CVE-2020-28395.json
index 54256da594e..aac62a59617 100644
--- a/2020/28xxx/CVE-2020-28395.json
+++ b/2020/28xxx/CVE-2020-28395.json
@@ -46,15 +46,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.\n"
+ "value": "A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7576.json b/2020/7xxx/CVE-2020-7576.json
index 1e153f65e66..8314ba9147d 100644
--- a/2020/7xxx/CVE-2020-7576.json
+++ b/2020/7xxx/CVE-2020-7576.json
@@ -66,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software.\n\nThe impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim.\n"
+ "value": "A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the vulnerable software. The impact of this attack could result in the session cookies of legitimate users being stolen. Should the attacker gain access to these cookies, they could then hijack the session and perform arbitrary actions in the name of the victim."
 }
 ]
 },
diff --git a/2020/8xxx/CVE-2020-8842.json b/2020/8xxx/CVE-2020-8842.json
index f4b8c631e8c..e57158c12f0 100644
--- a/2020/8xxx/CVE-2020-8842.json
+++ b/2020/8xxx/CVE-2020-8842.json
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2020-8842",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-8842",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Unquoted search path vulnerability in MSI True Color before 3.0.52.0 allows privilege escalation to SYSTEM."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://trioxsecurity.com/msi-truecolor-unquoted-service-path-vulnerability/",
- "url": "https://trioxsecurity.com/msi-truecolor-unquoted-service-path-vulnerability/"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }