add 1 CVE

2025-05-07 11:06:39 +00:00 · 2022-08-10 12:16:25 +02:00 · 2022-08-10 12:16:25 +02:00 · 3a62f26b0d
commit 3a62f26b0d
parent e81edbc19f
1 changed files with 79 additions and 6 deletions
--- a/2022/2xxx/CVE-2022-2242.json
+++ b/2022/2xxx/CVE-2022-2242.json
@ -1,18 +1,91 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "info@cert.vde.com",
+        "DATE_PUBLIC": "2022-08-10T10:00:00.000Z",
        "ID": "CVE-2022-2242",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "KUKA V/KSS WoV SH access control vulnerability"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "SystemSoftware V/KSS",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "8.2",
+                                            "version_value": "8.6.5"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "KUKA"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default)."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 9.8,
+            "baseSeverity": "CRITICAL",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-306 Missing Authentication for Critical Function"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://www.kuka.com/advisories-CVE-2022-2242",
+                "refsource": "CONFIRM",
+                "url": "https://www.kuka.com/advisories-CVE-2022-2242"
+            }
+        ]
+    },
+    "source": {
+        "defect": [
+            "CERT@VDE#64153"
+        ],
+        "discovery": "UNKNOWN"
    }
 }