admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-14 12:00:34 +00:00
parent 03f9ef7c17
commit 3fbe4e6738
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
44 changed files with 7832 additions and 802 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
2021/37xxx/CVE-2021-37209.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 (All versions < V5.7.0), RUGGEDCOM RS416v2 (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device."
"value": "A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All versions < V4.3.8), RUGGEDCOM i802 (All versions < V4.3.8), RUGGEDCOM i803 (All versions < V4.3.8), RUGGEDCOM M2100 (All versions < V4.3.8), RUGGEDCOM M2200 (All versions < V4.3.8), RUGGEDCOM M969 (All versions < V4.3.8), RUGGEDCOM RMC30 (All versions < V4.3.8), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.8), RUGGEDCOM RMC8388 V5.X (All versions < V5.7.0), RUGGEDCOM RP110 (All versions < V4.3.8), RUGGEDCOM RS1600 (All versions < V4.3.8), RUGGEDCOM RS1600F (All versions < V4.3.8), RUGGEDCOM RS1600T (All versions < V4.3.8), RUGGEDCOM RS400 (All versions < V4.3.8), RUGGEDCOM RS401 (All versions < V4.3.8), RUGGEDCOM RS416 (All versions < V4.3.8), RUGGEDCOM RS416P (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.7.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.8), RUGGEDCOM RS416v2 V5.X (All versions < V5.7.0), RUGGEDCOM RS8000 (All versions < V4.3.8), RUGGEDCOM RS8000A (All versions < V4.3.8), RUGGEDCOM RS8000H (All versions < V4.3.8), RUGGEDCOM RS8000T (All versions < V4.3.8), RUGGEDCOM RS900 (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900G (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RS900GP (All versions < V4.3.8), RUGGEDCOM RS900L (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-GETS-XX (All versions < V4.3.8), RUGGEDCOM RS900M-STND-C01 (All versions < V4.3.8), RUGGEDCOM RS900M-STND-XX (All versions < V4.3.8), RUGGEDCOM RS900W (All versions < V4.3.8), RUGGEDCOM RS910 (All versions < V4.3.8), RUGGEDCOM RS910L (All versions < V4.3.8), RUGGEDCOM RS910W (All versions < V4.3.8), RUGGEDCOM RS920L (All versions < V4.3.8), RUGGEDCOM RS920W (All versions < V4.3.8), RUGGEDCOM RS930L (All versions < V4.3.8), RUGGEDCOM RS930W (All versions < V4.3.8), RUGGEDCOM RS940G (All versions < V4.3.8), RUGGEDCOM RS969 (All versions < V4.3.8), RUGGEDCOM RSG2100 (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.8), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.7.0), RUGGEDCOM RSG2100P (All versions < V4.3.8), RUGGEDCOM RSG2200 (All versions < V4.3.8), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2288 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300 V5.X (All versions < V5.7.0), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.8), RUGGEDCOM RSG2300P V5.X (All versions < V5.7.0), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.8), RUGGEDCOM RSG2488 V5.X (All versions < V5.7.0), RUGGEDCOM RSG907R (All versions < V5.7.0), RUGGEDCOM RSG908C (All versions < V5.7.0), RUGGEDCOM RSG909R (All versions < V5.7.0), RUGGEDCOM RSG910C (All versions < V5.7.0), RUGGEDCOM RSG920P V4.X (All versions < V4.3.8), RUGGEDCOM RSG920P V5.X (All versions < V5.7.0), RUGGEDCOM RSL910 (All versions < V5.7.0), RUGGEDCOM RST2228 (All versions < V5.7.0), RUGGEDCOM RST2228P (All versions < V5.7.0), RUGGEDCOM RST916C (All versions < V5.7.0), RUGGEDCOM RST916P (All versions < V5.7.0). The SSH server on affected devices is configured to offer weak ciphers by default.\r\n\r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device."
}
]
},
@ -234,7 +234,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416Pv2",
"product_name": "RUGGEDCOM RS416Pv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416Pv2 V5.X",
"version": {
"version_data": [
{
@ -245,7 +256,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416v2",
"product_name": "RUGGEDCOM RS416v2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2 V5.X",
"version": {
"version_data": [
{

6
2022/24xxx/CVE-2022-24287.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP 1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP 2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode."
}
]
},
@ -107,7 +107,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.4 SP 1 Update 21"
"version_value": "All versions < V7.4 SP1 Update 21"
}
]
}
@ -118,7 +118,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.5 SP 2 Update 8"
"version_value": "All versions < V7.5 SP2 Update 8"
}
]
}

54
2022/34xxx/CVE-2022-34663.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices are vulnerable to a web-based code injection attack via the console.\r\n\r\nAn attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected\r\ndevice."
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices are vulnerable to a web-based code injection attack via the console.\r\n\r\nAn attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected\r\ndevice."
}
]
},
@ -465,7 +465,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416NC v2",
"product_name": "RUGGEDCOM RS416NCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416NCv2 V5.X",
"version": {
"version_data": [
{
@ -509,7 +520,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416PNC v2",
"product_name": "RUGGEDCOM RS416PNCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416PNCv2 V5.X",
"version": {
"version_data": [
{
@ -520,7 +542,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416Pv2",
"product_name": "RUGGEDCOM RS416Pv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416Pv2 V5.X",
"version": {
"version_data": [
{
@ -531,7 +564,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416v2",
"product_name": "RUGGEDCOM RS416v2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2 V5.X",
"version": {
"version_data": [
{

134
2022/39xxx/CVE-2022-39158.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. \r\n\r\nThis could allow a remote attacker to create a denial of service condition that persists until the attack ends."
"value": "Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. \r\n\r\nThis could allow a remote attacker to create a denial of service condition that persists until the attack ends."
}
]
},
@ -259,6 +259,10 @@
"product_name": "RUGGEDCOM RMC8388 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -469,7 +473,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416NC v2",
"product_name": "RUGGEDCOM RS416NCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416NCv2 V5.X",
"version": {
"version_data": [
{
@ -517,7 +532,18 @@
}
},
{
"product_name": "RUGGEDCOM RS416PNC v2",
"product_name": "RUGGEDCOM RS416PNCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416PNCv2 V5.X",
"version": {
"version_data": [
{
@ -532,9 +558,24 @@
}
},
{
"product_name": "RUGGEDCOM RS416Pv2",
"product_name": "RUGGEDCOM RS416Pv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416Pv2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -543,9 +584,24 @@
}
},
{
"product_name": "RUGGEDCOM RS416v2",
"product_name": "RUGGEDCOM RS416v2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -667,6 +723,10 @@
"product_name": "RUGGEDCOM RS900 (32M) V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -711,6 +771,10 @@
"product_name": "RUGGEDCOM RS900G (32M) V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1159,6 +1223,10 @@
"product_name": "RUGGEDCOM RSG2100 (32M) V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1295,6 +1363,10 @@
"product_name": "RUGGEDCOM RSG2288 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1343,6 +1415,10 @@
"product_name": "RUGGEDCOM RSG2300 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1402,6 +1478,10 @@
"product_name": "RUGGEDCOM RSG2300P V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1461,6 +1541,10 @@
"product_name": "RUGGEDCOM RSG2488 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1509,6 +1593,10 @@
"product_name": "RUGGEDCOM RSG907R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1520,6 +1608,10 @@
"product_name": "RUGGEDCOM RSG908C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1531,6 +1623,10 @@
"product_name": "RUGGEDCOM RSG909R",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1542,6 +1638,10 @@
"product_name": "RUGGEDCOM RSG910C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1564,6 +1664,10 @@
"product_name": "RUGGEDCOM RSG920P V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1601,6 +1705,10 @@
"product_name": "RUGGEDCOM RSL910",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1627,6 +1735,10 @@
"product_name": "RUGGEDCOM RST2228",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1638,6 +1750,10 @@
"product_name": "RUGGEDCOM RST2228P",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1649,6 +1765,10 @@
"product_name": "RUGGEDCOM RST916C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
@ -1660,6 +1780,10 @@
"product_name": "RUGGEDCOM RST916P",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"
},
{
"version_affected": "=",
"version_value": "All versions < V5.6.0"

118
2023/24xxx/CVE-2023-24845.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network.\r\n\r\nAn attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior."
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network.\r\n\r\nAn attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior."
}
]
},
@ -261,7 +261,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -283,7 +283,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -465,12 +465,23 @@
}
},
{
"product_name": "RUGGEDCOM RS416NC v2",
"product_name": "RUGGEDCOM RS416NCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416NCv2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.8.0"
}
]
}
@ -509,34 +520,67 @@
}
},
{
"product_name": "RUGGEDCOM RS416PNC v2",
"product_name": "RUGGEDCOM RS416PNCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416Pv2",
"product_name": "RUGGEDCOM RS416PNCv2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2",
"product_name": "RUGGEDCOM RS416Pv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416Pv2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.8.0"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.8.0"
}
]
}
@ -661,7 +705,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -705,7 +749,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -749,7 +793,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -937,7 +981,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1157,7 +1201,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1201,7 +1245,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1289,7 +1333,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1311,7 +1355,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1333,7 +1377,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1366,7 +1410,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1388,7 +1432,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1421,7 +1465,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1443,7 +1487,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1476,7 +1520,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1487,7 +1531,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1498,7 +1542,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1509,7 +1553,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1520,7 +1564,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1542,7 +1586,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1564,7 +1608,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1575,7 +1619,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1586,7 +1630,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1597,7 +1641,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1608,7 +1652,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1619,7 +1663,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1630,7 +1674,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}

22
2023/28xxx/CVE-2023-28831.json
View File

@ -35,6 +35,17 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC BRAUMAT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V8.1 SP1"
}
]
}
},
{
"product_name": "SIMATIC Cloud Connect 7 CC712",
"version": {
@ -742,6 +753,17 @@
]
}
},
{
"product_name": "SIMATIC SISTAR",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V8.1 SP1"
}
]
}
},
{
"product_name": "SIMATIC WinCC OA V3.17",
"version": {

29
2023/38xxx/CVE-2023-38070.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)"
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)"
}
]
},
@ -100,6 +100,28 @@
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0010"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0004"
}
]
}
}
]
}
@ -113,6 +135,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf"
}
]
},

29
2023/38xxx/CVE-2023-38071.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)"
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)"
}
]
},
@ -100,6 +100,28 @@
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0010"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0004"
}
]
}
}
]
}
@ -113,6 +135,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf"
}
]
},

29
2023/38xxx/CVE-2023-38072.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)"
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)"
}
]
},
@ -100,6 +100,28 @@
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0010"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0004"
}
]
}
}
]
}
@ -113,6 +135,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf"
}
]
},

29
2023/38xxx/CVE-2023-38073.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)"
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)"
}
]
},
@ -100,6 +100,28 @@
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0010"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0004"
}
]
}
}
]
}
@ -113,6 +135,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf"
}
]
},

29
2023/38xxx/CVE-2023-38074.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)"
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)"
}
]
},
@ -100,6 +100,28 @@
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0010"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0004"
}
]
}
}
]
}
@ -113,6 +135,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf"
}
]
},

29
2023/38xxx/CVE-2023-38075.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)"
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)"
}
]
},
@ -100,6 +100,28 @@
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0010"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0004"
}
]
}
}
]
}
@ -113,6 +135,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf"
}
]
},

29
2023/38xxx/CVE-2023-38076.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)"
"value": "A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)"
}
]
},
@ -100,6 +100,28 @@
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2201",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2201.0010"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2302.0004"
}
]
}
}
]
}
@ -113,6 +135,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-278349.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478780.pdf"
}
]
},

6
2023/38xxx/CVE-2023-38524.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -96,7 +96,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38525.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -96,7 +96,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38526.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -96,7 +96,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38527.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -63,7 +63,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -85,7 +85,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38528.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -78,7 +78,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -100,7 +100,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38529.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -96,7 +96,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38530.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -96,7 +96,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38531.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -96,7 +96,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

6
2023/38xxx/CVE-2023-38532.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
}
]
},
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.1.0.11"
}
]
}
@ -96,7 +96,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V14.3.0.3"
}
]
}

118
2023/39xxx/CVE-2023-39269.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition.\r\nAn attacker may cause total loss of availability of the web server, which might recover after the attack is over."
"value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition.\r\nAn attacker may cause total loss of availability of the web server, which might recover after the attack is over."
}
]
},
@ -261,7 +261,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -283,7 +283,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -465,12 +465,23 @@
}
},
{
"product_name": "RUGGEDCOM RS416NC v2",
"product_name": "RUGGEDCOM RS416NCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416NCv2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.8.0"
}
]
}
@ -509,34 +520,67 @@
}
},
{
"product_name": "RUGGEDCOM RS416PNC v2",
"product_name": "RUGGEDCOM RS416PNCv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416Pv2",
"product_name": "RUGGEDCOM RS416PNCv2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2",
"product_name": "RUGGEDCOM RS416Pv2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416Pv2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.8.0"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2 V4.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.3.8"
}
]
}
},
{
"product_name": "RUGGEDCOM RS416v2 V5.X",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.8.0"
}
]
}
@ -657,7 +701,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -701,7 +745,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -745,7 +789,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -921,7 +965,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1141,7 +1185,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1185,7 +1229,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1273,7 +1317,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1295,7 +1339,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1317,7 +1361,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1350,7 +1394,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1372,7 +1416,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1405,7 +1449,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1427,7 +1471,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1460,7 +1504,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1471,7 +1515,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1482,7 +1526,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1493,7 +1537,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1504,7 +1548,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1526,7 +1570,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1548,7 +1592,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1559,7 +1603,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1570,7 +1614,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1581,7 +1625,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1592,7 +1636,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1603,7 +1647,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}
@ -1614,7 +1658,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_value": "All versions < V5.8.0"
}
]
}

29
2023/41xxx/CVE-2023-41032.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)"
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)"
}
]
},
@ -78,6 +78,28 @@
}
]
}
},
{
"product_name": "Simcenter Femap V2301",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2301.0003"
}
]
}
},
{
"product_name": "Simcenter Femap V2306",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2306.0001"
}
]
}
}
]
}
@ -91,6 +113,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf"
}
]
},

29
2023/41xxx/CVE-2023-41033.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)"
"value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156), Simcenter Femap V2301 (All versions < V2301.0003), Simcenter Femap V2306 (All versions < V2306.0001). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)"
}
]
},
@ -67,6 +67,28 @@
}
]
}
},
{
"product_name": "Simcenter Femap V2301",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2301.0003"
}
]
}
},
{
"product_name": "Simcenter Femap V2306",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2306.0001"
}
]
}
}
]
}
@ -80,6 +102,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-190839.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887122.pdf"
}
]
},

64
2023/43xxx/CVE-2023-43503.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "COMOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V10.4.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
]
}

64
2023/43xxx/CVE-2023-43504.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "COMOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V10.4.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
}
]
}

64
2023/43xxx/CVE-2023-43505.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "COMOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
}
]
}

820
2023/44xxx/CVE-2023-44317.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data",
"cweId": "CWE-349"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}

820
2023/44xxx/CVE-2023-44318.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44318",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
}
]
}

820
2023/44xxx/CVE-2023-44319.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-328: Use of Weak Hash",
"cweId": "CWE-328"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
}
]
}

820
2023/44xxx/CVE-2023-44320.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425: Direct Request ('Forced Browsing')",
"cweId": "CWE-425"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}

820
2023/44xxx/CVE-2023-44321.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"baseScore": 2.7,
"baseSeverity": "LOW"
}
]
}

820
2023/44xxx/CVE-2023-44322.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44322",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-252: Unchecked Return Value",
"cweId": "CWE-252"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"baseScore": 3.7,
"baseSeverity": "LOW"
}
]
}

820
2023/44xxx/CVE-2023-44373.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}

820
2023/44xxx/CVE-2023-44374.json
View File

@ -1,17 +1,829 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-44374",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context",
"cweId": "CWE-567"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE XB205-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB205-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB208 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3 (ST, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB213-3LD (SC, PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (E/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XB216 (PN)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (SC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2 (ST/BFOC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G (EIP DEF.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC206-2SFP G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G (EIP def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC208G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-3G PoE (54 V DC)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G (EIP Def.)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XC224-4C G EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204 DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA DNA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP208PoE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216 (Ethernet/IP)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XP216POE EEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 x FE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR324WG (24 X FE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR326-2C PoE WG (without UL)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
},
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC206-2SFP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC208",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE XC216-4C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

97
2023/45xxx/CVE-2023-45794.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45794",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app's model and access control design.\r\n\r\nThis could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay",
"cweId": "CWE-294"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Mendix Applications using Mendix 10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V10.4.0"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.23.37"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 8",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V8.18.27"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 9",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V9.24.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-084182.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
]
}

64
2023/46xxx/CVE-2023-46096.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS neo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

64
2023/46xxx/CVE-2023-46097.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS neo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
]
}

64
2023/46xxx/CVE-2023-46098.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46098",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"cweId": "CWE-942"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS neo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8,
"baseSeverity": "HIGH"
}
]
}

64
2023/46xxx/CVE-2023-46099.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46099",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS neo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-456933.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
]
}

64
2023/46xxx/CVE-2023-46590.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46590",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Siemens OPC UA Modelling Editor (SiOME)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197270.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197270.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}

64
2023/46xxx/CVE-2023-46601.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "COMOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
}
]
}

606
2023/4xxx/CVE-2023-4128.json
View File

@ -5,615 +5,13 @@
"CVE_data_meta": {
"ID": "CVE-2023-4128",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5-rc5",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-147.90.1.el8_1",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-193.116.1.el8_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-193.116.1.rt13.167.el8_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-193.116.1.el8_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-193.116.1.el8_2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-305.108.1.el8_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-305.108.1.rt7.183.el8_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-305.108.1.el8_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-305.108.1.el8_4",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-372.75.1.el8_6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.14.0-362.8.1.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.14.0-362.8.1.el9_3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.14.0-70.75.1.el9_0",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:5.14.0-70.75.1.rt21.146.el9_0",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:4.18.0-372.75.1.el8_6",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5235",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5235"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5238",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5238"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5548",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5548"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5575",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5575"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5580",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5580"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5588",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5588"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5589",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5589"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5603",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5603"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5604",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5604"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5627",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5627"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5628",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5628"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5775",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5775"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5794",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5794"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:6583",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:6583"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4128",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-4128"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q/"
},
{
"url": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/",
"refsource": "MISC",
"name": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231027-0002/",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20231027-0002/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
}
]
},
"work_around": [
{
"lang": "en",
"value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
"value": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
}
]
}