admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

JPCERT/CC 2023-06-19-11-33

Browse Source
This commit is contained in:
Ikuya Fukumoto 2023-06-19 11:34:20 +09:00
parent 091661c0a9
commit 4218763916
No known key found for this signature in database
GPG Key ID: B8D62C41E9CD3E19
10 changed files with 512 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
2023/27xxx/CVE-2023-27396.json
View File

@ -4,14 +4,73 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OMRON Corporation",
"product": {
"product_data": [
{
"product_name": "Multiple OMRON products which implement FINS protocol",
"version": {
"version_data": [
{
"version_value": "SYSMAC CS-series CPU Units all versions, SYSMAC CJ-series CPU Units all versions, SYSMAC CP-series CPU Units all versions, SYSMAC NJ-series CPU Units all versions, SYSMAC NX1P-series CPU Units all versions, SYSMAC NX102-series CPU Units all versions, and SYSMAC NX7 Database Connection CPU Units Ver.1.16 or later"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Design"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf"
},
{
"url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf"
},
{
"url": "https://jvn.jp/en/ta/JVNTA91513661/"
},
{
"url": "https://jvn.jp/ta/JVNTA91513661/"
},
{
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)"
}
]
}

53
2023/30xxx/CVE-2023-30759.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30759",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ricoh Company, Ltd.",
"product": {
"product_data": [
{
"product_name": "Printer Driver Packager NX",
"version": {
"version_data": [
{
"version_value": "v1.0.02 to v1.1.25"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92207133/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege."
}
]
}

53
2023/31xxx/CVE-2023-31239.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "V-Server and V-Server Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file."
}
]
}

53
2023/32xxx/CVE-2023-32201.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32201",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "TELLUS and TELLUS Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273."
}
]
}

53
2023/32xxx/CVE-2023-32270.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "TELLUS and TELLUS Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of memory location after end of buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution."
}
]
}

53
2023/32xxx/CVE-2023-32273.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "TELLUS and TELLUS Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201."
}
]
}

53
2023/32xxx/CVE-2023-32276.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32276",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "TELLUS and TELLUS Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution."
}
]
}

53
2023/32xxx/CVE-2023-32288.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "TELLUS and TELLUS Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution."
}
]
}

53
2023/32xxx/CVE-2023-32538.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "TELLUS and TELLUS Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201."
}
]
}

53
2023/32xxx/CVE-2023-32542.json
View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FUJI ELECTRIC CO., LTD.",
"product": {
"product_data": [
{
"product_name": "TELLUS and TELLUS Lite",
"version": {
"version_data": [
{
"version_value": "v4.0.15.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98818508/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution."
}
]
}