admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-01-18 15:04:24 -05:00
parent f60c9f3d37
commit 5996ec37ab
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
8 changed files with 99 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2016/7xxx/CVE-2016-7165.json
View File

@ -11,96 +11,18 @@
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
"product_name" : "Primary Setup Tool (PST), SIMATIC IT Production Suite, SIMATIC NET PC-Software, SIMATIC PCS 7 V7.1, SIMATIC PCS 7 V8.0, SIMATIC PCS 7 V8.1, SIMATIC PCS 7 V8.2, SIMATIC STEP 7 (TIA Portal) V13, SIMATIC STEP 7 V5.X, SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced, SIMATIC WinCC (TIA Portal) Professional V13, SIMATIC WinCC (TIA Portal) Professional V14, SIMATIC WinCC Runtime Professional V13, SIMATIC WinCC Runtime Professional V14, SIMATIC WinCC V7.0 SP2 and earlier versions, SIMATIC WinCC V7.0 SP3, SIMATIC WinCC V7.2, SIMATIC WinCC V7.3, SIMATIC WinCC V7.4, SIMIT V9.0, SINEMA Remote Connect Client, SINEMA Server, SOFTNET Security Client V5.0, Security Configuration Tool (SCT), TeleControl Server Basic, WinAC RTX 2010 SP2, WinAC RTX F 2010 SP2", "product_name" : "n/a",
"version" : { "version" : {
"version_data" : [ "version_data" : [
{ {
"version_value" : "Primary Setup Tool (PST) : All versions < V4.2 HF1" "version_value" : "n/a"
},
{
"version_value" : "SIMATIC IT Production Suite : All versions < V7.0 SP1 HFX 2"
},
{
"version_value" : "SIMATIC NET PC-Software : All versions < V14"
},
{
"version_value" : "SIMATIC PCS 7 V7.1 : All versions"
},
{
"version_value" : "SIMATIC PCS 7 V8.0 : All versions"
},
{
"version_value" : "SIMATIC PCS 7 V8.1 : All versions"
},
{
"version_value" : "SIMATIC PCS 7 V8.2 : All versions"
},
{
"version_value" : "SIMATIC STEP 7 (TIA Portal) V13 : All versions < V13 SP2"
},
{
"version_value" : "SIMATIC STEP 7 V5.X : All versions < V5.5 SP4 HF11"
},
{
"version_value" : "SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced : All versions < V14"
},
{
"version_value" : "SIMATIC WinCC (TIA Portal) Professional V13 : All versions < V13 SP2"
},
{
"version_value" : "SIMATIC WinCC (TIA Portal) Professional V14 : All versions < V14 SP1"
},
{
"version_value" : "SIMATIC WinCC Runtime Professional V13 : All versions < V13 SP2"
},
{
"version_value" : "SIMATIC WinCC Runtime Professional V14 : All versions < V14 SP1"
},
{
"version_value" : "SIMATIC WinCC V7.0 SP2 and earlier versions : All versions < V7.0 SP2 Upd 12"
},
{
"version_value" : "SIMATIC WinCC V7.0 SP3 : All versions < V7.0 SP3 Upd 8"
},
{
"version_value" : "SIMATIC WinCC V7.2 : All versions < V7.2 Upd 14"
},
{
"version_value" : "SIMATIC WinCC V7.3 : All versions < V7.3 Upd 11"
},
{
"version_value" : "SIMATIC WinCC V7.4 : All versions < V7.4 SP1"
},
{
"version_value" : "SIMIT V9.0 : All versions < V9.0 SP1"
},
{
"version_value" : "SINEMA Remote Connect Client : All versions < V1.0 SP3"
},
{
"version_value" : "SINEMA Server : All versions < V13 SP2"
},
{
"version_value" : "SOFTNET Security Client V5.0 : All versions"
},
{
"version_value" : "Security Configuration Tool (SCT) : All versions < V4.3 HF1"
},
{
"version_value" : "TeleControl Server Basic : All versions < V3.0 SP2"
},
{
"version_value" : "WinAC RTX 2010 SP2 : All versions"
},
{
"version_value" : "WinAC RTX F 2010 SP2 : All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Siemens AG" "vendor_name" : "n/a"
} }
] ]
} }
@ -122,7 +44,7 @@
"description" : [ "description" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "CWE-284: Improper Access Control" "value" : "n/a"
} }
] ]
} }

48
2017/12xxx/CVE-2017-12729.json
View File

@ -1,8 +1,31 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-12729", "ID" : "CVE-2017-12729",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa SoftCMS Live Viewer",
"version" : {
"version_data" : [
{
"version_value" : "Moxa SoftCMS Live Viewer"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05"
} }
] ]
} }

3
2017/16xxx/CVE-2017-16863.json
View File

@ -53,9 +53,6 @@
}, },
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{
"url" : "https://cwe.mitre.org/data/definitions/79.html"
},
{ {
"url" : "https://jira.atlassian.com/browse/JRASERVER-66623" "url" : "https://jira.atlassian.com/browse/JRASERVER-66623"
} }

4
2017/2xxx/CVE-2017-2680.json
View File

@ -315,10 +315,10 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf;" "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf"
}, },
{ {
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf"
}, },
{ {
"url" : "http://www.securityfocus.com/bid/98369" "url" : "http://www.securityfocus.com/bid/98369"

48
2017/5xxx/CVE-2017-5170.json
View File

@ -1,8 +1,31 @@
{ {
"CVE_data_meta" : { "CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-5170", "ID" : "CVE-2017-5170",
"STATE" : "RESERVED" "STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa SoftNVR-IA Live Viewer",
"version" : {
"version_data" : [
{
"version_value" : "Moxa SoftNVR-IA Live Viewer"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
}, },
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE", "data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value" : "An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-427"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-220-02"
} }
] ]
} }