admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-15 17:00:37 +00:00
parent 9f598a4a95
commit 5a0578f7f3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 564 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

259
2023/33xxx/CVE-2023-33873.json
View File

@ -1,17 +1,268 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nThis privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges ",
"cweId": "CWE-250"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AVEVA ",
"product": {
"product_data": [
{
"product_name": "SystemPlatform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Historian",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Application Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "InTouch",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Enterprise Licensing (formerly known as License Manager)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.7.002"
}
]
}
},
{
"product_name": "Manufacturing Execution System (formerly known as Wonderware MES)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 P01"
}
]
}
},
{
"product_name": "Recipe Management",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 Update 1 Patch 2 "
}
]
}
},
{
"product_name": "Batch Management",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 SP1 "
}
]
}
},
{
"product_name": "Edge (formerly known as Indusoft Web Studio)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Worktasks (formerly known as Workflow Management)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 U2"
}
]
}
},
{
"product_name": "Plant SCADA (formerly known as Citect)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 Update 15"
}
]
}
},
{
"product_name": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R1"
}
]
}
},
{
"product_name": "Communication Drivers Pack",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1"
}
]
}
},
{
"product_name": "Telemetry Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/",
"refsource": "MISC",
"name": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.</p><p>In addition to applying security updates, users should follow these general precautions:</p><ul><li>Ensure that Guest or Anonymous local OS accounts are disabled.</li><li>Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.</li></ul><p>Please see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\">AVEVA Security Bulletin number AVEVA-2023-003</a>&nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.</p><p>AVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\">Alert 000038736.</a></p>\n\n<br>"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

259
2023/34xxx/CVE-2023-34982.json
View File

@ -1,17 +1,268 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34982",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nThis external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73 External Control of File Name or Path ",
"cweId": "CWE-73"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AVEVA ",
"product": {
"product_data": [
{
"product_name": "SystemPlatform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Historian",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Application Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "InTouch",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Enterprise Licensing (formerly known as License Manager)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.7.002"
}
]
}
},
{
"product_name": "Manufacturing Execution System (formerly known as Wonderware MES)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 P01"
}
]
}
},
{
"product_name": "Recipe Management",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 Update 1 Patch 2 "
}
]
}
},
{
"product_name": "Batch Management",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 SP1 "
}
]
}
},
{
"product_name": "Edge (formerly known as Indusoft Web Studio)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1 P01"
}
]
}
},
{
"product_name": "Worktasks (formerly known as Workflow Management)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 U2"
}
]
}
},
{
"product_name": "Plant SCADA (formerly known as Citect)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 Update 15"
}
]
}
},
{
"product_name": "Mobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R1"
}
]
}
},
{
"product_name": "Communication Drivers Pack",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1"
}
]
}
},
{
"product_name": "Telemetry Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2020 R2 SP1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01"
},
{
"url": "https://www.aveva.com/en/support-and-success/cyber-security-updates/",
"refsource": "MISC",
"name": "https://www.aveva.com/en/support-and-success/cyber-security-updates/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.</p><p>In addition to applying security updates, users should follow these general precautions:</p><ul><li>Ensure that Guest or Anonymous local OS accounts are disabled.</li><li>Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.</li></ul><p>Please see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/en/support-and-success/cyber-security-updates/\">AVEVA Security Bulletin number AVEVA-2023-003</a>&nbsp;for more information and for links for individual security updates and mitigations for each of the affected products.</p><p>AVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736?lang=en_us\">Alert 000038736.</a></p>\n\n<br>"
}
],
"value": "\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Users of affected products should apply security updates as soon as possible.\n\nIn addition to applying security updates, users should follow these general precautions:\n\n * Ensure that Guest or Anonymous local OS accounts are disabled.\n * Ensure that only trusted users are able to login on the nodes where the Operations Control Logger is running.\n\n\nPlease see AVEVA Security Bulletin number AVEVA-2023-003 https://www.aveva.com/en/support-and-success/cyber-security-updates/ \u00a0for more information and for links for individual security updates and mitigations for each of the affected products.\n\nAVEVA System Platform 2020 through 2020 R2 SP1 cannot be newly installed on top of other AVEVA products which have been previously patched with the Operations Control Logger v22.1. For additional details please refer to Alert 000038736. https://softwaresupportsp.aveva.com/#/knowledgebase/details/000038736 \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Lukasz Piotrowski from Equinor reported these vulnerabilities to AVEVA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

18
2023/48xxx/CVE-2023-48362.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-48362",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6156.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6156",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/6xxx/CVE-2023-6157.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}