mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 10:41:46 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
626ccd7af3
commit
4acedb95d1
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2017-12741",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2017-12741",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400: Uncontrolled Resource Consumption",
|
||||
"cweId": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,6 +40,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.1.1 Patch 05"
|
||||
}
|
||||
]
|
||||
@ -29,6 +51,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.5"
|
||||
}
|
||||
]
|
||||
@ -39,6 +62,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.5"
|
||||
}
|
||||
]
|
||||
@ -49,117 +73,162 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200AL",
|
||||
"product_name": "SIMATIC ET 200AL IM 157-1 PN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200M (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200M (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.0.2"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.2"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-3 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200S (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-4 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.2.0"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.0.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.0.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -169,6 +238,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -179,6 +249,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -189,6 +260,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -199,6 +271,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -209,6 +282,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -219,6 +293,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -229,6 +304,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -239,6 +315,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -249,6 +326,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -259,6 +337,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -269,6 +348,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -279,6 +359,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -289,16 +370,18 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200pro",
|
||||
"product_name": "SIMATIC ET200S (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -309,6 +392,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.2.0"
|
||||
}
|
||||
]
|
||||
@ -319,6 +403,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.2.3"
|
||||
}
|
||||
]
|
||||
@ -329,6 +414,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2.0"
|
||||
}
|
||||
]
|
||||
@ -339,6 +425,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2.0"
|
||||
}
|
||||
]
|
||||
@ -349,6 +436,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2.03.01"
|
||||
}
|
||||
]
|
||||
@ -359,27 +447,33 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.X.16"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.X.16"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC S7-400 H V6\u00a0and below\u00a0CPU family (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V6.0.8"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V6.0.8"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V6.0.6"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V6.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -389,7 +483,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V7.0.2"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -399,6 +495,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V8.2.1"
|
||||
}
|
||||
]
|
||||
@ -409,7 +506,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V1.1.8"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.1.8"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -419,36 +518,41 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V1.1.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinAC RTX (F) 2010",
|
||||
"product_name": "SIMATIC WinAC RTX 2010",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < SIMATIC WinAC RTX 2010 SP3"
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2010 SP3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOCODE pro V EIP (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC WinAC RTX F 2010",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V1.0.2"
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2010 SP3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOCODE pro V PN (incl. SIPLUS variants)",
|
||||
"product_name": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2.1.1"
|
||||
}
|
||||
]
|
||||
@ -459,16 +563,18 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V5.1 HF1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOTION D (incl. SIPLUS variants)",
|
||||
"product_name": "SIMOTION D",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V5.1 HF1"
|
||||
}
|
||||
]
|
||||
@ -479,6 +585,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.4 HF26"
|
||||
}
|
||||
]
|
||||
@ -489,6 +596,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.5 HF5"
|
||||
}
|
||||
]
|
||||
@ -499,6 +607,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V5.1 HF1"
|
||||
}
|
||||
]
|
||||
@ -509,6 +618,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.4 SP1 HF6"
|
||||
}
|
||||
]
|
||||
@ -519,6 +629,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.2 HF2"
|
||||
}
|
||||
]
|
||||
@ -529,6 +640,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 SP9 HF1"
|
||||
}
|
||||
]
|
||||
@ -539,6 +651,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 SP9 HF1"
|
||||
}
|
||||
]
|
||||
@ -549,6 +662,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 HF29"
|
||||
}
|
||||
]
|
||||
@ -559,6 +673,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 HF4"
|
||||
}
|
||||
]
|
||||
@ -569,6 +684,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 HF29"
|
||||
}
|
||||
]
|
||||
@ -579,6 +695,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 HF4"
|
||||
}
|
||||
]
|
||||
@ -589,6 +706,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 SP5 HF7"
|
||||
}
|
||||
]
|
||||
@ -599,6 +717,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 SP2"
|
||||
}
|
||||
]
|
||||
@ -609,6 +728,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 HF31"
|
||||
}
|
||||
]
|
||||
@ -619,16 +739,29 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.4 SP3 HF6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -639,6 +772,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 HF29"
|
||||
}
|
||||
]
|
||||
@ -649,26 +783,18 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 HF5"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS S150 V4.7 w. PN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 HF29"
|
||||
}
|
||||
]
|
||||
@ -679,6 +805,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 HF4"
|
||||
}
|
||||
]
|
||||
@ -689,6 +816,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.7 HF30"
|
||||
}
|
||||
]
|
||||
@ -699,6 +827,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 SP2"
|
||||
}
|
||||
]
|
||||
@ -709,6 +838,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 SP2"
|
||||
}
|
||||
]
|
||||
@ -719,6 +849,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 SP2"
|
||||
}
|
||||
]
|
||||
@ -729,6 +860,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.02"
|
||||
}
|
||||
]
|
||||
@ -739,16 +871,138 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.8 SP3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIRIUS Soft Starter 3RW44 PN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
@ -760,52 +1014,52 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-400: Uncontrolled Resource Consumption"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "BID",
|
||||
"name": "101964",
|
||||
"url": "https://www.securityfocus.com/bid/101964"
|
||||
"url": "https://www.securityfocus.com/bid/101964",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.securityfocus.com/bid/101964"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-346262.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-546832.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-141614.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-141614.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition."
|
||||
"value": "Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -35,57 +35,14 @@
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": " SIMATIC S7-400 CPU 414-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": " SIMATIC S7-400 CPU 414F-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": " SIMATIC S7-400 CPU 416-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": " SIMATIC S7-400 CPU 416F-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -95,8 +52,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -117,14 +75,97 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.2.0"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200AL IM 157-1 PN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200M (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM 154-3 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM 154-4 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -135,7 +176,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -146,7 +187,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -157,7 +198,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -168,7 +209,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -178,24 +219,109 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.2.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.0.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200AL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -343,61 +469,6 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200M (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.3.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200pro",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200S (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
@ -410,100 +481,25 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.2.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.0.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.2.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -513,8 +509,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -580,7 +577,7 @@
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V3.3.17"
|
||||
"version_value": "All versions < V3.2.17"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -689,8 +686,57 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V7.0.3"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -700,8 +746,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V6.0.9"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V6.0.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -711,8 +758,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -733,8 +781,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.1.8"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.1.8"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -744,8 +793,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V1.1.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -876,8 +926,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -887,8 +938,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -920,8 +972,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -949,7 +1002,55 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM151-8 PN/DP CPU",
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -960,7 +1061,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM151-8F PN/DP CPU",
|
||||
"product_name": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -970,6 +1071,90 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET PN/PN Coupler",
|
||||
"version": {
|
||||
@ -1041,8 +1226,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V7.0.3"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1052,8 +1238,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V7.0.3"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1070,6 +1257,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -40,8 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -102,9 +103,13 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE M812-1 ADSL-Router (Annex A)",
|
||||
"product_name": "SCALANCE M812-1 ADSL-Router",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.3"
|
||||
@ -113,31 +118,13 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE M812-1 ADSL-Router (Annex B)",
|
||||
"product_name": "SCALANCE M816-1 ADSL-Router",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE M816-1 ADSL-Router (Annex A)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE M816-1 ADSL-Router (Annex B)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V4.3"
|
||||
@ -179,7 +166,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE M876-3 (EVDO)",
|
||||
"product_name": "SCALANCE M876-3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -223,7 +210,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE S615",
|
||||
"product_name": "SCALANCE S615 LAN-Router",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -872,7 +859,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XB-200",
|
||||
"product_name": "SCALANCE XB-200 family",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -993,7 +980,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XM-400",
|
||||
"product_name": "SCALANCE XM-400 family",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -1015,7 +1002,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XR-300WG",
|
||||
"product_name": "SCALANCE XR-300WG family",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -1026,7 +1013,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XR-500",
|
||||
"product_name": "SCALANCE XR-500 family",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -1346,12 +1333,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V3.3"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V3.3"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1361,8 +1345,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V3.3"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1379,7 +1364,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200AL IM157-1 PN",
|
||||
"product_name": "SIMATIC ET 200AL IM 157-1 PN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -1389,6 +1374,123 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200M IM 153-4 PN IO HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200M IM 153-4 PN IO ST (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM 154-3 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM 154-4 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
|
||||
"version": {
|
||||
@ -1532,72 +1634,6 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All Versions < V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All Versions < V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200pro, IM 154-3 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200pro, IM 154-4 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200S (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
@ -1609,57 +1645,98 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All Versions < V3.3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All Versions < V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC IPC Support, Package for VxWorks",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV400",
|
||||
"product_name": "SIMATIC MV420 SR-B",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All Versions < V7.0.6"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV420 SR-B Body",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV420 SR-P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV420 SR-P Body",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV440 HR",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV440 SR",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV440 UR",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.0.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1752,6 +1829,126 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST BA",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.1.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET CP 343-1",
|
||||
"version": {
|
||||
@ -1790,8 +1987,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V3.3"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1801,8 +1999,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V3.3"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -1841,6 +2040,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service."
|
||||
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6\u00a0and below\u00a0CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -102,7 +102,30 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200AL IM 157-1 PN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -114,7 +137,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -126,7 +149,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -138,7 +161,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -150,7 +173,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -161,6 +184,65 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 MF HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
@ -185,17 +267,6 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200AL IM157-1 PN",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L",
|
||||
"version": {
|
||||
@ -294,72 +365,6 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 MF HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MICRO-DRIVE PDC",
|
||||
"version": {
|
||||
@ -547,12 +552,13 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)",
|
||||
"product_name": "SIMATIC S7-400 H V6\u00a0and below\u00a0CPU family (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -562,8 +568,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -650,7 +657,31 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM151-8 PN/DP CPU",
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -662,7 +693,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM151-8F PN/DP CPU",
|
||||
"product_name": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -673,6 +704,42 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET PN/PN Coupler",
|
||||
"version": {
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0), SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0), SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0), SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. SIPLUS variants), SINAMICS S150, SINAMICS S210 (6SL5...), SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0), SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1), SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0), SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0), SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
|
||||
"value": "The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -71,7 +71,19 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8 PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -82,7 +94,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8F PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -93,7 +105,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200pro IM154-8FX PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -104,7 +116,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200S IM151-8 PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -115,7 +127,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200S IM151-8F PN/DP CPU",
|
||||
"product_name": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -125,6 +137,65 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 MF HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L",
|
||||
"version": {
|
||||
@ -223,72 +294,6 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 MF HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions >= V4.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC PN/MF Coupler",
|
||||
"version": {
|
||||
@ -578,8 +583,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.5 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -649,8 +655,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -696,14 +703,39 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V1.04.04"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM151-8 PN/DP CPU",
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -714,7 +746,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200S IM151-8F PN/DP CPU",
|
||||
"product_name": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -724,6 +756,42 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V4.2.0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS HCS4200 CIM4210",
|
||||
"version": {
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-27221",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-27221",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-203: Observable Discrepancy",
|
||||
"cweId": "CWE-203"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-310: Cryptographic Issues"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-29034",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-29034",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code.\r\n\r\nThis could allow attackers to perform reflected cross-site scripting (XSS) attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
||||
"cweId": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,42 +53,37 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "FULLDISC",
|
||||
"name": "20220614 SEC Consult SA-20220614-0 :: Reflected Cross Site Scripting in SIEMENS-SINEMA Remote Connect",
|
||||
"url": "http://seclists.org/fulldisclosure/2022/Jun/35"
|
||||
"url": "http://seclists.org/fulldisclosure/2022/Jun/35",
|
||||
"refsource": "MISC",
|
||||
"name": "http://seclists.org/fulldisclosure/2022/Jun/35"
|
||||
},
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html",
|
||||
"refsource": "MISC",
|
||||
"name": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html",
|
||||
"url": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"
|
||||
"name": "http://packetstormsecurity.com/files/167554/SIEMENS-SINEMA-Remote-Connect-3.0.1.0-01.01.00.02-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,8 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2.0"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -58,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32251",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32251",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-306: Missing Authentication for Critical Function",
|
||||
"cweId": "CWE-306"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-306: Missing Authentication for Critical Function"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32252",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32252",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-345: Insufficient Verification of Data Authenticity",
|
||||
"cweId": "CWE-345"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-345: Insufficient Verification of Data Authenticity"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32253",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32253",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20: Improper Input Validation",
|
||||
"cweId": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20: Improper Input Validation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 4.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32254",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32254",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-532: Insertion of Sensitive Information into Log File",
|
||||
"cweId": "CWE-532"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-532: Insertion of Sensitive Information into Log File"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32255",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32255",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32256",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32256",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control",
|
||||
"cweId": "CWE-284"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32258",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32258",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-448: Obsolete Feature in UI",
|
||||
"cweId": "CWE-448"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-448: Obsolete Feature in UI"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32259",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32259",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State",
|
||||
"cweId": "CWE-1244"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-1244: Improper Access to Sensitive Information Using Debug and Test Interfaces"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32260",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32260",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-286: Incorrect User Management",
|
||||
"cweId": "CWE-286"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-286: Incorrect User Management"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32261",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32261",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-233: Improper Handling of Parameters",
|
||||
"cweId": "CWE-233"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-233: Improper Handling of Parameters"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,12 +1,33 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-32262",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-32262",
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
@ -19,7 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.1"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -30,32 +53,27 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,110 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-45147",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.\r\n\r\nThis is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-502: Deserialization of Untrusted Data",
|
||||
"cweId": "CWE-502"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC PCS neo V4.0",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-825651.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-825651.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -893,7 +893,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V8.0 Update 5"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,386 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-32735",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2), SIMATIC STEP 7 V16 (All versions < V16 Update 7), SIMATIC STEP 7 V17 (All versions < V17 Update 7), SIMATIC STEP 7 V18 (All versions < V18 Update 2), SIMATIC WinCC Unified V16 (All versions < V16 Update 7), SIMATIC WinCC Unified V17 (All versions < V17 Update 7), SIMATIC WinCC Unified V18 (All versions < V18 Update 2), SIMATIC WinCC V16 (All versions < V16.7), SIMATIC WinCC V17 (All versions < V17.7), SIMATIC WinCC V18 (All versions < V18 Update 2), SIMOCODE ES V16 (All versions < V16 Update 7), SIMOCODE ES V17 (All versions < V17 Update 7), SIMOCODE ES V18 (All versions < V18 Update 2), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 7), SIRIUS Safety ES V18 (All versions < V18 Update 2), SIRIUS Soft Starter ES V17 (All versions < V17 Update 7), SIRIUS Soft Starter ES V18 (All versions < V18 Update 2), Soft Starter ES V16 (All versions < V16 Update 7), TIA Portal Cloud V3.0 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.\r\n\r\nThis is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-502: Deserialization of Untrusted Data",
|
||||
"cweId": "CWE-502"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 Safety V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V16 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 Safety V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V17 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 Safety V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V16 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V17 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC Unified V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V16 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC Unified V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V17 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC Unified V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V16.7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V17.7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOCODE ES V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V16 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOCODE ES V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V17 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOCODE ES V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOTION SCOUT TIA V5.4 SP1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOTION SCOUT TIA V5.4 SP3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMOTION SCOUT TIA V5.5 SP1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS Startdrive V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS Startdrive V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS Startdrive V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIRIUS Safety ES V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V17 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIRIUS Safety ES V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIRIUS Soft Starter ES V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V17 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIRIUS Soft Starter ES V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Soft Starter ES V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V16 Update 7"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "TIA Portal Cloud V3.0",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-779936.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-779936.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-32737",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.\r\n\r\nThis is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-502: Deserialization of Untrusted Data",
|
||||
"cweId": "CWE-502"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC STEP 7 Safety V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-313039.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-313039.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -40,8 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions < V2.0"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -58,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
|
||||
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -83,7 +83,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC NET PC Software",
|
||||
"product_name": "SIMATIC NET PC Software V16",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -94,6 +94,30 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC NET PC Software V17",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC NET PC Software V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC PCS 7 V9.1",
|
||||
"version": {
|
||||
@ -197,7 +221,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V16 Update 6"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -221,7 +245,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V18 Update 4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -233,7 +257,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V19 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -269,7 +293,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V7.5 SP2 Update 17"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -281,7 +305,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V8.0 Update 5"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -377,7 +401,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V18 Update 4"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
|
||||
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -90,7 +90,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V18 Update 4"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
|
||||
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -90,7 +90,7 @@
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
"version_value": "V18 Update 4"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition."
|
||||
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 16), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly validate the input provided in the login dialog box. An attacker could leverage this vulnerability to cause a persistent denial of service condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -63,8 +63,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V18 Update 4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -98,8 +99,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "All versions"
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V8.0 Update 5"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,17 +1,86 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-52238",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0). The web server of the affected systems leaks the MACSEC key in clear text to a logged in user. An attacker with the credentials of a low privileged user could retrieve the MACSEC key and access (decrypt) the ethernet frames sent by authorized recipients."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "RUGGEDCOM RST2228",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RST2228P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,134 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-52891",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-1325: Improperly Controlled Sequential Memory Allocation",
|
||||
"cweId": "CWE-1325"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC Energy Manager Basic",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC Energy Manager PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC IPC DiagBase",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC IPC DiagMonitor",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMIT V10",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMIT V11",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V11.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,86 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-22271",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "security@vmware.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions.\n\nSpecifically, an application is vulnerable when all of the following are true:\n\nUser is using Spring Cloud Function Web module\n\nAffected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8\n\nReferences https://spring.io/security/cve-2022-22979 \u00a0 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ \u00a0History 2020-01-16: Initial vulnerability report published."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Web DOS Vulnerability"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Spring by VMware Tanzu",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Spring Cloud Function Framework",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "Spring Cloud Function Framework 4.1.0-4.1.2, Spring Cloud Function Framework 4.0.0-4.0.8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://spring.io/security/cve-2024-22271",
|
||||
"refsource": "MISC",
|
||||
"name": "https://spring.io/security/cve-2024-22271"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.2.0"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session"
|
||||
"value": "OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -40,8 +40,9 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2.6.10 and earlier"
|
||||
"version_affected": "<=",
|
||||
"version_name": "2.6.0",
|
||||
"version_value": "2.6.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,134 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-30321",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
|
||||
"cweId": "CWE-359"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC PCS 7 V9.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC Runtime Professional V18",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC Runtime Professional V19",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V19 Update 2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC V7.4",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.4 SP1 Update 23"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC V7.5",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.5 SP2 Update 17"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC WinCC V8.0",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V8.0 Update 5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-32056",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write",
|
||||
"cweId": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V27.1.215). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)"
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,13 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PS/IGES Parasolid Translator Component",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V27.1.215"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -11,7 +11,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.90). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -36,37 +36,13 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Simcenter Nastran 2306",
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Simcenter Nastran 2312",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Simcenter Nastran 2406",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V2406.90"
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -83,6 +59,11 @@
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html"
|
||||
},
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-33653",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read",
|
||||
"cweId": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-33654",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read",
|
||||
"cweId": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V2406"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,122 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-37513",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "audit@patchstack.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
|
||||
"cweId": "CWE-22"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Themewinter",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "WPCafe",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "2.2.28",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "2.2.27",
|
||||
"status": "affected",
|
||||
"version": "n/a",
|
||||
"versionType": "custom"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://patchstack.com/database/vulnerability/wp-cafe/wordpress-wpcafe-plugin-2-2-27-local-file-inclusion-vulnerability?_s_id=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://patchstack.com/database/vulnerability/wp-cafe/wordpress-wpcafe-plugin-2-2-27-local-file-inclusion-vulnerability?_s_id=cve"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "Update to 2.2.28 or a higher version."
|
||||
}
|
||||
],
|
||||
"value": "Update to 2.2.28 or a higher version."
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara (Kinorth)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "CHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,122 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-37520",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "audit@patchstack.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder \u2013 Elementor WooCommerce Builder Addons allows Path Traversal.This issue affects ShopBuilder \u2013 Elementor WooCommerce Builder Addons: from n/a through 2.1.12."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
|
||||
"cweId": "CWE-22"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "RadiusTheme",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "ShopBuilder \u2013 Elementor WooCommerce Builder Addons",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "2.1.13",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "2.1.12",
|
||||
"status": "affected",
|
||||
"version": "n/a",
|
||||
"versionType": "custom"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "Update to 2.1.13 or a higher version."
|
||||
}
|
||||
],
|
||||
"value": "Update to 2.1.13 or a higher version."
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,122 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-37934",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "audit@patchstack.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
|
||||
"cweId": "CWE-94"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Saturday Drive",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Ninja Forms",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "3.8.5",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "3.8.4",
|
||||
"status": "affected",
|
||||
"version": "n/a",
|
||||
"versionType": "custom"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability?_s_id=cve"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "Update to 3.8.5 or a higher version."
|
||||
}
|
||||
],
|
||||
"value": "Update to 3.8.5 or a higher version."
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Rafie Muhammad (Patchstack)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,122 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-37952",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "audit@patchstack.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-269 Improper Privilege Management",
|
||||
"cweId": "CWE-269"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "themeenergy",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "BookYourTravel",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "8.18.19",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThanOrEqual": "8.18.17",
|
||||
"status": "affected",
|
||||
"version": "n/a",
|
||||
"versionType": "custom"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://patchstack.com/database/vulnerability/bookyourtravel/wordpress-bookyourtravel-theme-8-18-17-subscriber-privilege-escalation-vulnerability?_s_id=cve",
|
||||
"refsource": "MISC",
|
||||
"name": "https://patchstack.com/database/vulnerability/bookyourtravel/wordpress-bookyourtravel-theme-8-18-17-subscriber-privilege-escalation-vulnerability?_s_id=cve"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "Update to 8.18.19 or a higher version."
|
||||
}
|
||||
],
|
||||
"value": "Update to 8.18.19 or a higher version."
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Dave Jong (Patchstack)"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,86 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-37996",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-476: NULL Pointer Dereference",
|
||||
"cweId": "CWE-476"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "JT Open",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V11.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "PLM XML SDK",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.1.0.014"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
|
||||
"baseScore": 3.3,
|
||||
"baseSeverity": "LOW"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,86 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-37997",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-121: Stack-based Buffer Overflow",
|
||||
"cweId": "CWE-121"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "JT Open",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V11.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "PLM XML SDK",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V7.1.0.014"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,446 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-38278",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-266: Incorrect Privilege Assignment",
|
||||
"cweId": "CWE-266"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "RUGGEDCOM RMC8388 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RMC8388NC V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416NCv2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416PNCv2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416Pv2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416v2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS900 (32M) V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS900G (32M) V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS900GNC(32M) V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS900NC(32M) V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2100 (32M) V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2100NC(32M) V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2288 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2288NC V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2300 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2300NC V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2300P V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2300PNC V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2488 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG2488NC V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG907R",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG908C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG909R",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG910C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG920P V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSG920PNC V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSL910",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RSL910NC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RST2228",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RST2228P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RST916C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RST916P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.6,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,842 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-38867",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). \r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from those ports."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-326: Inadequate Encryption Strength",
|
||||
"cweId": "CWE-326"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIPROTEC 5 6MD84 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 6MD85 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 6MD85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 6MD86 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 6MD86 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 6MD89 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 6MU85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7KE85 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7KE85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SA82 (CP100)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SA82 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SA84 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SA86 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SA86 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SA87 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SA87 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SD82 (CP100)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SD82 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SD84 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SD86 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SD86 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SD87 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SD87 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ81 (CP100)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V8.89"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ81 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ82 (CP100)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V8.89"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ82 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ85 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ86 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SJ86 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SK82 (CP100)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V8.89"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SK82 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SK85 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SK85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SL82 (CP100)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SL82 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SL86 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SL86 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SL87 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SL87 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SS85 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SS85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7ST85 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7ST85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7ST86 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SX82 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7SX85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UM85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT82 (CP100)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT82 (CP150)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT85 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT86 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT86 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT87 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7UT87 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7VE85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7VK87 (CP200)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7VK87 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.65"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 7VU85 (CP300)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.62"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 Communication Module ETH-BD-2FO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.62"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPROTEC 5 Compact 7SX800 (CP050)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V9.64"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-750499.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-750499.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39567",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Client",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 HF1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39568",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Client",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 HF1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39569",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Client",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 HF1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.6,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39570",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 HF1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39571",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
||||
"cweId": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 HF1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,398 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39675",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
|
||||
"cweId": "CWE-497"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "RUGGEDCOM RMC30",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RMC30NC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RP110",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RP110NC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS400",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS400NC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS401",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS401NC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416NC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416NCv2 V4.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416NCv2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416PNC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416PNCv2 V4.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416PNCv2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416Pv2 V4.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416Pv2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416v2 V4.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS416v2 V5.X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V5.9.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS910",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS910L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS910LNC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS910NC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS910W",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V4.3.10"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS920L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS920LNC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM RS920W",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39865",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
|
||||
"cweId": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39866",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-267: Privilege Defined With Unsafe Actions",
|
||||
"cweId": "CWE-267"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39867",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-425: Direct Request ('Forced Browsing')",
|
||||
"cweId": "CWE-425"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 7.6,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39868",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-425: Direct Request ('Forced Browsing')",
|
||||
"cweId": "CWE-425"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 7.6,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39869",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
|
||||
"cweId": "CWE-754"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39870",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-602: Client-Side Enforcement of Server-Side Security",
|
||||
"cweId": "CWE-602"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39871",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-863: Incorrect Authorization",
|
||||
"cweId": "CWE-863"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39872",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-378: Creation of Temporary File With Insecure Permissions",
|
||||
"cweId": "CWE-378"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 9.6,
|
||||
"baseSeverity": "CRITICAL"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39873",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
|
||||
"cweId": "CWE-307"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39874",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
|
||||
"cweId": "CWE-307"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39875",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
|
||||
"cweId": "CWE-732"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39876",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-770: Allocation of Resources Without Limits or Throttling",
|
||||
"cweId": "CWE-770"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SINEMA Remote Connect Server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "0",
|
||||
"version_value": "V3.2 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
|
||||
"baseScore": 4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,74 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-39888",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified.\r\n\r\nThis could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-547: Use of Hard-coded, Security-relevant Constants",
|
||||
"cweId": "CWE-547"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mendix Encryption",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<",
|
||||
"version_name": "V10.0.0",
|
||||
"version_value": "V10.0.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://cert-portal.siemens.com/productcert/html/ssa-998949.html",
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/html/ssa-998949.html"
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,18 +1,102 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-3596",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "cert@cert.org",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-328: Use of Weak Hash"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "IETF",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "RFC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "2865"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://datatracker.ietf.org/doc/html/rfc2865",
|
||||
"refsource": "MISC",
|
||||
"name": "https://datatracker.ietf.org/doc/html/rfc2865"
|
||||
},
|
||||
{
|
||||
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
|
||||
},
|
||||
{
|
||||
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf",
|
||||
"refsource": "MISC",
|
||||
"name": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
|
||||
},
|
||||
{
|
||||
"url": "https://www.blastradius.fail/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.blastradius.fail/"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "VINCE 3.0.4",
|
||||
"env": "prod",
|
||||
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
@ -421,6 +421,11 @@
|
||||
"url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/",
|
||||
"refsource": "MISC",
|
||||
"name": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -129,6 +129,11 @@
|
||||
"url": "https://security-tracker.debian.org/tracker/CVE-2024-6409",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security-tracker.debian.org/tracker/CVE-2024-6409"
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2",
|
||||
"refsource": "MISC",
|
||||
"name": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
18
2024/6xxx/CVE-2024-6597.json
Normal file
18
2024/6xxx/CVE-2024-6597.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2024-6597",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user