admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-22 11:00:34 +00:00
parent 9584a8921d
commit 3f5d6ce3c3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 236 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2018/11xxx/CVE-2018-11770.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-08-13T00:00:00",
"ID": "CVE-2018-11770",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Spark",
"version": {
"version_data": [
{
"version_value": "1.3.0 and later"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -51,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Spark",
"version": {
"version_data": [
{
"version_value": "1.3.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://spark.apache.org/security.html#CVE-2018-11770",
"refsource": "CONFIRM",
"url": "https://spark.apache.org/security.html#CVE-2018-11770"
"url": "https://spark.apache.org/security.html#CVE-2018-11770",
"refsource": "MISC",
"name": "https://spark.apache.org/security.html#CVE-2018-11770"
},
{
"name": "[dev] 20180813 CVE-2018-11770: Apache Spark standalone master, Mesos REST APIs not controlled by authentication",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E"
"url": "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E"
},
{
"name": "105097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105097"
"url": "http://www.securityfocus.com/bid/105097",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/105097"
}
]
}

74
2018/11xxx/CVE-2018-11804.json
View File

@ -1,36 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-24T00:00:00",
"ID": "CVE-2018-11804",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Spark",
"version": {
"version_data": [
{
"version_value": "branches 1.3.x and later, including master"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -51,22 +27,46 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Spark",
"version": {
"version_data": [
{
"version_value": "1.3.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "[dev] 20181024 CVE-2018-11804: Apache Spark build/mvn runs zinc, and can expose information from build machines",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d@%3Cdev.spark.apache.org%3E"
"url": "https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E"
},
{
"name": "https://spark.apache.org/security.html#CVE-2018-11804",
"refsource": "CONFIRM",
"url": "https://spark.apache.org/security.html#CVE-2018-11804"
"url": "https://spark.apache.org/security.html#CVE-2018-11804",
"refsource": "MISC",
"name": "https://spark.apache.org/security.html#CVE-2018-11804"
},
{
"name": "105756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105756"
"url": "http://www.securityfocus.com/bid/105756",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/105756"
}
]
}

166
2022/2xxx/CVE-2022-2513.json
View File

@ -1,17 +1,175 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2513",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@hitachienergy.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy\u2019s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information",
"cweId": "CWE-312"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Hitachi Energy",
"product": {
"product_data": [
{
"product_name": "PCM600",
"version": {
"version_data": [
{
"version_value": "v2.6",
"version_affected": "="
}
]
}
},
{
"product_name": "670 Connectivity Package",
"version": {
"version_data": [
{
"version_value": "3.0",
"version_affected": "="
}
]
}
},
{
"product_name": "650 Connectivity Package",
"version": {
"version_data": [
{
"version_value": "1.3",
"version_affected": "="
}
]
}
},
{
"product_name": "SAM600-IO Connectivity Package",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
}
]
}
},
{
"product_name": "GMS600 Connectivity Package",
"version": {
"version_data": [
{
"version_value": "1.3",
"version_affected": "="
}
]
}
},
{
"product_name": "PWC600 Connectivity Package",
"version": {
"version_data": [
{
"version_value": "1.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000120&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000120&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "8DBD000120",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nIt is recommended to implement and continuously revise least privileges principles to minimize permissions and\naccesses to PCM600 related resources, included the backup file, PCMI/PCMP file.<br><br> Recommended security\npractices and firewall configurations can help protect a process control network from attacks that originate from\noutside the network. Such practices include that process control systems are physically protected from direct\naccess by unauthorized personnel, have no direct connections to the Internet, and are separated from other\nnetworks by means of a firewall system that has a minimal number of ports exposed, and others that have to be\nevaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or\nreceiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses\nbefore they are connected to a control system. <br><br>An additional recommendation is to follow the hardening guidelines published by \u201cThe Center for Internet Security\n(CIS)\u201d <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisecurity.org/about-us/\">https://www.cisecurity.org/about-us/</a> to protect the host Operating System.\n<br><br>More information to deploy PCM600 securely can be found in the following documents:\n1MRS758440, PCM600 Cyber Security Deployment Guideline\n\n\n\n\n<br>"
}
],
"value": "\n\n\nIt is recommended to implement and continuously revise least privileges principles to minimize permissions and\naccesses to PCM600 related resources, included the backup file, PCMI/PCMP file.\n\n Recommended security\npractices and firewall configurations can help protect a process control network from attacks that originate from\noutside the network. Such practices include that process control systems are physically protected from direct\naccess by unauthorized personnel, have no direct connections to the Internet, and are separated from other\nnetworks by means of a firewall system that has a minimal number of ports exposed, and others that have to be\nevaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or\nreceiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses\nbefore they are connected to a control system. \n\nAn additional recommendation is to follow the hardening guidelines published by \u201cThe Center for Internet Security\n(CIS)\u201d https://www.cisecurity.org/about-us/ https://www.cisecurity.org/about-us/ to protect the host Operating System.\n\n\nMore information to deploy PCM600 securely can be found in the following documents:\n1MRS758440, PCM600 Cyber Security Deployment Guideline\n\n\n\n\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate to PCM600 v2.11 Hotfix 20220923 or apply mitigation\nfactors/workarounds as described in the Mitigation Factors/Workarounds Section.<br><br>List of CPEs:&nbsp;<br>cpe:2.3:a:hitachienergy:pcm600:*:*:*:*:*:*:*:*<br><br>cpe:2.3:a:hitachienergy:670ConnectivityPackage:3.4.1:*:*:*:*:*:*:*<br>\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.3.0:*:*:*:*:*:*:*\n<br>\n\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.2.6:*:*:*:*:*:*:*\n\n<br>\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.1.2:*:*:*:*:*:*:*<br>\n\n\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.0.2:*:*:*:*:*:*:*<br>\n\n<br>cpe:2.3:a:hitachienergy:650ConnectivityPackage:2.4.1:*:*:*:*:*:*:*<br>\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:2.3.0:*:*:*:*:*:*:*<br>\n\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:2.2.2:*:*:*:*:*:*:*<br>\n\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:2.1.2:*:*:*:*:*:*:*<br>\n\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:1.3.0:*:*:*:*:*:*:*<br>\n\n<br>cpe:2.3:a:hitachienergy:sam600ioConnectivityPackage:1.2.0:*:*:*:*:*:*:*<br>\n\ncpe:2.3:a:hitachienergy:sam600ioConnectivityPackage:1.1.0:*:*:*:*:*:*:*<br>\n\n\n\ncpe:2.3:a:hitachienergy:sam600ioConnectivityPackage:1.0.0:*:*:*:*:*:*:*\n\n<br><br>cpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.3.0:*:*:*:*:*:*:*<br>\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.2.0:*:*:*:*:*:*:*\n\n<br>\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.1.2:*:*:*:*:*:*:*\n\n<br>\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.1.1:*:*:*:*:*:*:*\n\n<br>\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.1.0:*:*:*:*:*:*:*\n\n<br><br>cpe:2.3:a:hitachienergy:gms600ConnectivityPackage:1.3.1:*:*:*:*:*:*:*<br>\n\ncpe:2.3:a:hitachienergy:gms600ConnectivityPackage:1.3.0:*:*:*:*:*:*:*\n\n<br> \n\n<br>"
}
],
"value": "\nUpdate to PCM600 v2.11 Hotfix 20220923 or apply mitigation\nfactors/workarounds as described in the Mitigation Factors/Workarounds Section.\n\nList of CPEs:\u00a0\ncpe:2.3:a:hitachienergy:pcm600:*:*:*:*:*:*:*:*\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.4.1:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.3.0:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.2.6:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.1.2:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:670ConnectivityPackage:3.0.2:*:*:*:*:*:*:*\n\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:2.4.1:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:2.3.0:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:2.2.2:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:2.1.2:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:650ConnectivityPackage:1.3.0:*:*:*:*:*:*:*\n\n\n\ncpe:2.3:a:hitachienergy:sam600ioConnectivityPackage:1.2.0:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:sam600ioConnectivityPackage:1.1.0:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:sam600ioConnectivityPackage:1.0.0:*:*:*:*:*:*:*\n\n\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.3.0:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.2.0:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.1.2:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.1.1:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:pwc600ConnectivityPackage:1.1.0:*:*:*:*:*:*:*\n\n\n\ncpe:2.3:a:hitachienergy:gms600ConnectivityPackage:1.3.1:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:gms600ConnectivityPackage:1.3.0:*:*:*:*:*:*:*\n\n\n \n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "PSE - Polskie Sieci Elektroenergetyczne (Polish Power Grid Company (PPGC))"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}