diff --git a/2022/33xxx/CVE-2022-33324.json b/2022/33xxx/CVE-2022-33324.json
index 6a83fc15091..20ad2430053 100644
--- a/2022/33xxx/CVE-2022-33324.json
+++ b/2022/33xxx/CVE-2022-33324.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery."
+ "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU Firmware versions \"05\" and prior and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery."
 }
 ]
 },
@@ -239,7 +239,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "All versions"
+ "version_value": "Firmware versions \"05\" and prior"
 }
 ]
 }
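Review bot: The four `version_data` hunks (-239, -250, -261 and -272) keep `"version_affected": "="` while the new `version_value` is the free-text range `Firmware versions \"05\" and prior`, so a consumer that evaluates the operator literally will compare against one exact string and match no real firmware version. If the feed format allows it, the range is better carried as an operator plus a bare version, for example `"version_affected": "<="` with `"version_value": "05"`. The same equality-plus-prose pattern appears in the CVE-2023-4088 product additions (`all versions`), in CVE-2024-1574 (`versions 10.97 to 10.97.2`) and in CVE-2024-3904 (`Firmware versions \"05\" to \"07\"`). The product names these four entries belong to sit outside the hunks; judging by the description change they are presumably the iQ-L L04/08/16/32HCPU modules.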
@@ -250,7 +250,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "All versions"
+ "version_value": "Firmware versions \"05\" and prior"
 }
 ]
 }
@@ -261,7 +261,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "All versions"
+ "version_value": "Firmware versions \"05\" and prior"
 }
 ]
 }
@@ -272,7 +272,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "All versions"
+ "version_value": "Firmware versions \"05\" and prior"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4088.json b/2023/4xxx/CVE-2023-4088.json
index 5539923737a..203b3b18e5b 100644
--- a/2023/4xxx/CVE-2023-4088.json
+++ b/2023/4xxx/CVE-2023-4088.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute a malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products."
+ "value": "Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder."
 }
 ]
 },
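Review bot: The rewritten CVE-2023-4088 `value` no longer mentions CVE-2020-14496, which the previous text named as the incompletely fixed issue behind this one, so a reader of the new record cannot tell the two are related unless a reference carries the link. The exposure condition also changes shape: the old text excluded only installs that were both the mitigated version and in the default folder, while the new text reads as if any default-folder install is unaffected, which is worth confirming against the vendor advisory. If the relationship still holds, a closing sentence such as `This issue is related to CVE-2020-14496.` would keep it. The `references` block lies outside the hunk.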
@@ -45,6 +45,281 @@
 }
 ]
 }
+ },
+ {
+ "product_name": "AL-PCS/WIN-E",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "CPU Module Logging Configuration Tool",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "EZSocket",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FR Configurator2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FX Configurator-EN",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FX Configurator-EN-L",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "FX Configurator-FP",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "GT Designer3 Version1(GOT1000)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "GT Designer3 Version1(GOT2000)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "GT SoftGOT1000 Version3",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "GT SoftGOT2000 Version1",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "GX LogViewer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "GX Works2",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MELSOFT FieldDeviceConfigurator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MELSOFT iQ AppPortal",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MELSOFT MaiLab",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MELSOFT Navigator",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MELSOFT Update Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MX Component",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MX Sheet",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "PX Developer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "RT ToolBox3",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "RT VisualBox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Data Transfer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Data Transfer Classic",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
 }
 ]
 }
diff --git a/2024/1xxx/CVE-2024-1574.json b/2024/1xxx/CVE-2024-1574.json
index 302d5f7d3e4..7a4116aaf45 100644
--- a/2024/1xxx/CVE-2024-1574.json
+++ b/2024/1xxx/CVE-2024-1574.json
@@ -1,17 +1,126 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-1574",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
+ "cweId": "CWE-470"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ICONICS",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GENESIS64",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "versions 10.97 to 10.97.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GENESIS64",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "versions 10.97 to 10.97.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MC Works64",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf",
+ "refsource": "MISC",
+ "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU98894016/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/vu/JVNVU98894016/"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/34xxx/CVE-2024-34584.json b/2024/34xxx/CVE-2024-34584.json
index 8af70072be3..73f36b47458 100644
--- a/2024/34xxx/CVE-2024-34584.json
+++ b/2024/34xxx/CVE-2024-34584.json
@@ -5,84 +5,13 @@
 "CVE_data_meta": {
 "ID": "CVE-2024-34584",
 "ASSIGNER": "mobile.security@samsung.com",
- "STATE": "PUBLIC"
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper privilege management in SumeNNService prior to SMR Jul-2024 Release 1 allows local attackers to start privileged service."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-269: Improper Privilege Management"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Samsung Mobile",
- "product": {
- "product_data": [
- {
- "product_name": "Samsung Mobile Devices",
- "version": {
- "version_data": [
- {
- "version_value": "not down converted",
- "x_cve_json_5_version_data": {
- "versions": [
- {
- "status": "unaffected",
- "version": "SMR Jul-2024 Release in Android 13, 14"
- }
- ],
- "defaultStatus": "affected"
- }
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07",
- "refsource": "MISC",
- "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07"
- }
- ]
- },
- "impact": {
- "cvss": [
- {
- "version": "3.1",
- "attackVector": "LOCAL",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseSeverity": "HIGH",
- "baseScore": 8.4,
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ "value": "** REJECT ** DO NOT USE THIS CVE RECORD. Reason: An additional patch is required."
 }
 ]
 }
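Review bot: Rejecting CVE-2024-34584 with the reason "An additional patch is required" leaves consumers with no way to track a weakness that, by that wording, appears to be still unfixed rather than invalid. The hunk removes the description, the CWE-269 problem type, the affected-product data, the advisory reference and the 8.4 CVSS entry, and the new `value` names no successor record. Scanners and inventories keyed on this ID will likely stop reporting it once `STATE` is `REJECT`. If a replacement record exists, the reason text should point to it, for example `Reason: An additional patch is required. Use CVE-YYYY-NNNNN instead.` (placeholder ID).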
diff --git a/2024/3xxx/CVE-2024-3904.json b/2024/3xxx/CVE-2024-3904.json
index 2e0bd4ef29c..5752316e343 100644
--- a/2024/3xxx/CVE-2024-3904.json
+++ b/2024/3xxx/CVE-2024-3904.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-3904",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions \"05\" to \"07\" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-276 Incorrect Default Permissions",
+ "cweId": "CWE-276"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Mitsubishi Electric Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MELIPC Series MI5122-VW",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Firmware versions \"05\" to \"07\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf",
+ "refsource": "MISC",
+ "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/6xxx/CVE-2024-6387.json b/2024/6xxx/CVE-2024-6387.json
index 3149b1e4298..9cfff5f1676 100644
--- a/2024/6xxx/CVE-2024-6387.json
+++ b/2024/6xxx/CVE-2024-6387.json
@@ -108,6 +108,19 @@
 }
 ]
 }
+ },
+ {
+ "product_name": "Red Hat OpenShift Container Platform 4",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
 }
 ]
 }
@@ -137,6 +150,11 @@
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2024/07/03/1"
 },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/03/11",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
+ },
 {
 "url": "http://www.openwall.com/lists/oss-security/2024/07/03/2",
 "refsource": "MISC",
@@ -157,6 +175,11 @@
 "refsource": "MISC",
 "name": "http://www.openwall.com/lists/oss-security/2024/07/03/5"
 },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/07/04/1",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
+ },
 {
 "url": "https://access.redhat.com/errata/RHSA-2024:4312",
 "refsource": "MISC",
@@ -172,6 +195,11 @@
 "refsource": "MISC",
 "name": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"
 },
+ {
+ "url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/",
+ "refsource": "MISC",
+ "name": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
+ },
 {
 "url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server",
 "refsource": "MISC",
@@ -192,6 +220,31 @@
 "refsource": "MISC",
 "name": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
 },
+ {
+ "url": "https://github.com/AlmaLinux/updates/issues/629",
+ "refsource": "MISC",
+ "name": "https://github.com/AlmaLinux/updates/issues/629"
+ },
+ {
+ "url": "https://github.com/Azure/AKS/issues/4379",
+ "refsource": "MISC",
+ "name": "https://github.com/Azure/AKS/issues/4379"
+ },
+ {
+ "url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248",
+ "refsource": "MISC",
+ "name": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
+ },
+ {
+ "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249",
+ "refsource": "MISC",
+ "name": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
+ },
+ {
+ "url": "https://github.com/microsoft/azurelinux/issues/9555",
+ "refsource": "MISC",
+ "name": "https://github.com/microsoft/azurelinux/issues/9555"
+ },
 {
 "url": "https://github.com/oracle/oracle-linux/issues/149",
 "refsource": "MISC",
@@ -276,46 +329,6 @@
 "url": "https://www.theregister.com/2024/07/01/regresshion_openssh/",
 "refsource": "MISC",
 "name": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
- },
- {
- "url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/",
- "refsource": "MISC",
- "name": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
- },
- {
- "url": "https://github.com/microsoft/azurelinux/issues/9555",
- "refsource": "MISC",
- "name": "https://github.com/microsoft/azurelinux/issues/9555"
- },
- {
- "url": "https://github.com/Azure/AKS/issues/4379",
- "refsource": "MISC",
- "name": "https://github.com/Azure/AKS/issues/4379"
- },
- {
- "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249",
- "refsource": "MISC",
- "name": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
- },
- {
- "url": "https://github.com/AlmaLinux/updates/issues/629",
- "refsource": "MISC",
- "name": "https://github.com/AlmaLinux/updates/issues/629"
- },
- {
- "url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248",
- "refsource": "MISC",
- "name": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
- },
- {
- "url": "http://www.openwall.com/lists/oss-security/2024/07/03/11",
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
- },
- {
- "url": "http://www.openwall.com/lists/oss-security/2024/07/04/1",
- "refsource": "MISC",
- "name": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
 }
 ]
 },
diff --git a/2024/6xxx/CVE-2024-6505.json b/2024/6xxx/CVE-2024-6505.json
new file mode 100644
index 00000000000..743d3269b43
--- /dev/null
+++ b/2024/6xxx/CVE-2024-6505.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-6505",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file