diff --git a/2015/8xxx/CVE-2015-8214.json b/2015/8xxx/CVE-2015-8214.json
index 8db4e7ba352..9fe7d2f9936 100644
--- a/2015/8xxx/CVE-2015-8214.json
+++ b/2015/8xxx/CVE-2015-8214.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "productcert@siemens.com",
+ "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-8214",
 "STATE": "PUBLIC"
 },
@@ -11,131 +11,21 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Siemens",
 "product": {
 "product_data": [
 {
- "product_name": "SIMATIC NET CP 342-5 (incl. SIPLUS variants)",
+ "product_name": "n/a",
 "version": {
 "version_data": [
 {
- "version_value": "All versions"
- }
- ]
- }
- },
- {
- "product_name": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V3.0.44"
- }
- ]
- }
- },
- {
- "product_name": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V3.1.1"
- }
- ]
- }
- },
- {
- "product_name": "SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V3.1.1"
- }
- ]
- }
- },
- {
- "product_name": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V3.2.9"
- }
- ]
- }
- },
- {
- "product_name": "SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V3.2.9"
- }
- ]
- }
- },
- {
- "product_name": "SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions"
- }
- ]
- }
- },
- {
- "product_name": "SIMATIC NET CP 443-5 Extended",
- "version": {
- "version_data": [
- {
- "version_value": "All versions"
- }
- ]
- }
- },
- {
- "product_name": "TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V2.6.0"
- }
- ]
- }
- },
- {
- "product_name": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V3.1.0"
- }
- ]
- }
- },
- {
- "product_name": "TIM 4R-IE (incl. SIPLUS NET variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V2.6.0"
- }
- ]
- }
- },
- {
- "product_name": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants)",
- "version": {
- "version_data": [
- {
- "version_value": "All versions < V3.1.0"
+ "version_value": "n/a"
 }
 ]
 }
 }
 ]
- }
+ },
+ "vendor_name": "n/a"
 }
 ]
 }
@@ -146,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-306: Missing Authentication for Critical Function"
+ "value": "n/a"
 }
 ]
 }
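Review bot: The structured affected-product data is replaced by `n/a` placeholders in this hunk (`vendor_name`, `product_name`, `version_value`), and the next hunk does the same to the `CWE-306: Missing Authentication for Critical Function` problem-type value, so the record no longer carries any machine-readable statement of which SIMATIC NET CP / TIM versions are affected. Together with the `ASSIGNER` change from `productcert@siemens.com` to `cve@mitre.org` in the first hunk, this looks like a regeneration from another data source that overwrote the vendor's entries rather than a deliberate retraction; that is inferred from the diff and should be confirmed before merging. Tooling that matches on vendor/product fields or filters by CWE would stop flagging this unauthenticated-administration issue on port 102/TCP, because the version ranges now survive only as free text in `description_data`. I would keep the previous `vendor_data` entries and the CWE-306 value unless the assigner has withdrawn them.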
@@ -156,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication\nprocessors (CP) could possibly allow unauthenticated users to perform administrative\noperations on the CPs if network access (port 102/TCP) is available and the CPs'\nconfiguration was stored on their corresponding CPUs.\n"
+ "value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs."
 }
 ]
 },
@@ -167,16 +57,16 @@
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/78345"
 },
- {
- "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
- "refsource": "CONFIRM",
- "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
- },
 {
 "name": "1034279",
 "refsource": "SECTRACK",
 "url": "http://www.securitytracker.com/id/1034279"
 },
+ {
+ "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
+ "refsource": "CONFIRM",
+ "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
+ },
 {
 "refsource": "CONFIRM",
 "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf",
diff --git a/2019/13xxx/CVE-2019-13924.json b/2019/13xxx/CVE-2019-13924.json
index 4294aa4846b..1a6f8dae2a6 100644
--- a/2019/13xxx/CVE-2019-13924.json
+++ b/2019/13xxx/CVE-2019-13924.json
@@ -106,7 +106,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web\ninterface, which makes it vulnerable to Clickjacking attacks. \n\nThe security vulnerability could be exploited by an attacker that is able\nto trick an administrative user with a valid session on the target device into\nclicking on a website controlled by the attacker. The vulnerability could\nallow an attacker to perform administrative actions via the web interface.\n"
+ "value": "A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface."
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13925.json b/2019/13xxx/CVE-2019-13925.json
index 180ce352507..33e1a1004dc 100644
--- a/2019/13xxx/CVE-2019-13925.json
+++ b/2019/13xxx/CVE-2019-13925.json
@@ -76,7 +76,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could\ncause a Denial-of-Service condition of the web server.\n"
+ "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server."
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13926.json b/2019/13xxx/CVE-2019-13926.json
index 26d2ddc878d..cd37bbc768e 100644
--- a/2019/13xxx/CVE-2019-13926.json
+++ b/2019/13xxx/CVE-2019-13926.json
@@ -76,7 +76,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could\ncause a Denial-of-Service condition of the web server. A cold reboot is\nrequired to restore the functionality of the device.\n"
+ "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device."
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13947.json b/2019/13xxx/CVE-2019-13947.json
index fc06c9fbc1e..913ddc1c562 100644
--- a/2019/13xxx/CVE-2019-13947.json
+++ b/2019/13xxx/CVE-2019-13947.json
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the\nControl Center Server (CCS) transfers user passwords in clear to the\nclient (browser).\n\nAn attacker with administrative privileges for the web interface could be\nable to read (and not only reset) passwords of other CCS users.\n"
+ "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18337.json b/2019/18xxx/CVE-2019-18337.json
index 55fd27c7111..e6f59c77e42 100644
--- a/2019/18xxx/CVE-2019-18337.json
+++ b/2019/18xxx/CVE-2019-18337.json
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nA remote attacker with network access to the CCS server could\nexploit this vulnerability to read the CCS users database, including\nthe passwords of all users in obfuscated cleartext.\n"
+ "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18338.json b/2019/18xxx/CVE-2019-18338.json
index 900ab7a6c25..a9d8a27b4a0 100644
--- a/2019/18xxx/CVE-2019-18338.json
+++ b/2019/18xxx/CVE-2019-18338.json
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nAn authenticated remote attacker with network access to the CCS server\ncould exploit this vulnerability to list arbitrary directories\nor read files outside of the CCS application context.\n"
+ "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18339.json b/2019/18xxx/CVE-2019-18339.json
index edb5d70143e..57d0d7b0056 100644
--- a/2019/18xxx/CVE-2019-18339.json
+++ b/2019/18xxx/CVE-2019-18339.json
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext.\n"
+ "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18340.json b/2019/18xxx/CVE-2019-18340.json
index a964a479ec8..9438c42141d 100644
--- a/2019/18xxx/CVE-2019-18340.json
+++ b/2019/18xxx/CVE-2019-18340.json
@@ -66,7 +66,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store\nuser and device passwords by applying weak cryptography.\n\nA local attacker could exploit this vulnerability to extract\nthe passwords from the user database and/or the device configuration files\nto conduct further attacks.\n"
+ "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18341.json b/2019/18xxx/CVE-2019-18341.json
index d89fec489af..924f63ceb05 100644
--- a/2019/18xxx/CVE-2019-18341.json
+++ b/2019/18xxx/CVE-2019-18341.json
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) contains an authentication bypass vulnerability.\n\nA remote attacker with network access to the CCS server could\nexploit this vulnerability to read data from the EDIR directory\n(for example, the list of all configured stations).\n"
+ "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations)."
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18342.json b/2019/18xxx/CVE-2019-18342.json
index b31478a0ad3..807c017d066 100644
--- a/2019/18xxx/CVE-2019-18342.json
+++ b/2019/18xxx/CVE-2019-18342.json
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) does not properly limit its capabilities to the specified purpose.\n\nIn conjunction with CVE-2019-18341, an unauthenticated remote attacker with\nnetwork access to the CCS server could exploit this vulnerability\nto read or delete arbitrary files, or access other resources on the same\nserver.\n"
+ "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server."
 }
 ]
 },
diff --git a/2019/19xxx/CVE-2019-19290.json b/2019/19xxx/CVE-2019-19290.json
index 3b01663325d..558667dd30d 100644
--- a/2019/19xxx/CVE-2019-19290.json
+++ b/2019/19xxx/CVE-2019-19290.json
@@ -46,7 +46,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center\nServer (CCS) contains a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download\narbitrary files from the server where CCS is installed.\n"
+ "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed."
 }
 ]
 },