admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-10-17 22:00:36 +00:00
parent 5746cabe06
commit 40ab6c5fcf
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
9 changed files with 476 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
2020/8xxx/CVE-2020-8973.json
View File

@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-09-30T11:00:00.000Z",
"ID": "CVE-2020-8973",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ZGR TPS200 NG Improper access control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZGR TPS200 NG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.00",
"version_value": "firmware version 2.00"
},
{
"version_affected": "=",
"version_name": "1.01",
"version_value": "hardware version 1.01"
}
]
}
}
]
},
"vendor_name": "ZGR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by the Industrial Cybersecurity team of S21sec, special mention to Aar\ufffdn Flecha Men\ufffdndez."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located, to operate and change several parameters without having to be registered as a user on the web that owns the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: improper access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks."
}
],
"source": {
"advisory": "INCIBE-2022-0936",
"defect": [
"INCIBE-2020-0029"
],
"discovery": "EXTERNAL"
}
}

103
2020/8xxx/CVE-2020-8974.json
View File

@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-09-30T11:00:00.000Z",
"ID": "CVE-2020-8974",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ZGR TPS200 NG Missing Reference to Active Allocated Resource"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZGR TPS200 NG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.00",
"version_value": "firmware version 2.00"
},
{
"version_affected": "=",
"version_name": "1.01",
"version_value": "hardware version 1.01"
}
]
}
}
]
},
"vendor_name": "ZGR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by the Industrial Cybersecurity team of S21sec, special mention to Aar\ufffdn Flecha Men\ufffdndez."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-771: Missing Reference to Active Allocated Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks."
}
],
"source": {
"advisory": "INCIBE-2022-0936",
"defect": [
"INCIBE-2020-0029"
],
"discovery": "EXTERNAL"
}
}

103
2020/8xxx/CVE-2020-8975.json
View File

@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-09-30T11:00:00.000Z",
"ID": "CVE-2020-8975",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ZGR TPS200 NG Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZGR TPS200 NG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.00",
"version_value": "firmware version 2.00"
},
{
"version_affected": "=",
"version_name": "1.01",
"version_value": "hardware version 1.01"
}
]
}
}
]
},
"vendor_name": "ZGR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by the Industrial Cybersecurity team of S21sec, special mention to Aaron Flecha Menendez."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-201: Insertion of Sensitive Information Into Sent Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks."
}
],
"source": {
"advisory": "INCIBE-2022-0936",
"defect": [
"INCIBE-2020-0029"
],
"discovery": "EXTERNAL"
}
}

103
2020/8xxx/CVE-2020-8976.json
View File

@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-09-30T11:00:00.000Z",
"ID": "CVE-2020-8976",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "ZGR TPS200 Cross-Site Request Forgery (CSRF)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZGR TPS200 NG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.00",
"version_value": "firmware version 2.00"
},
{
"version_affected": "=",
"version_name": "1.01",
"version_value": "hardware version 1.01"
}
]
}
}
]
},
"vendor_name": "ZGR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by the Industrial Cybersecurity team of S21sec, special mention to Aar\ufffdn Flecha Men\ufffdndez."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The integrated server of the ZGR TPS200 NG on its 2.00 firmware version and 1.01 hardware version, allows a remote attacker to perform actions with the permissions of a victim user. For this to happen, the victim user has to have an active session and triggers the malicious request."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks."
}
],
"source": {
"advisory": "INCIBE-2022-0936",
"defect": [
"INCIBE-2020-0029"
],
"discovery": "EXTERNAL"
}
}

5
2022/2xxx/CVE-2022-2078.json
View File

@ -44,6 +44,11 @@
},
"references": {
"reference_data": [
{
"refsource": "DEBIAN",
"name": "DSA-5161",
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85",

50
2022/3xxx/CVE-2022-3158.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FactoryTalk VantagePoint",
"version": {
"version_data": [
{
"version_value": "8.0, 8.10, 8.20, 8.30, 8.31"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server."
}
]
}

5
2022/3xxx/CVE-2022-3552.json
View File

@ -79,11 +79,6 @@
"name": "https://github.com/boxbilling/boxbilling/commit/b6705995785eaa8653e876318c9b3d82060dc945",
"refsource": "MISC",
"url": "https://github.com/boxbilling/boxbilling/commit/b6705995785eaa8653e876318c9b3d82060dc945"
},
{
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2022-3552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3552"
}
]
},

18
2022/3xxx/CVE-2022-3569.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3569",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/3xxx/CVE-2022-3570.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3570",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}