"-Synchronized-Data."

2025-07-29 05:56:59 +00:00 · 2021-12-16 14:01:11 +00:00 · 2021-12-16 14:01:11 +00:00 · 5c5ed5bb45
commit 5c5ed5bb45
parent 871cac1f7d
5 changed files with 23 additions and 3 deletions
--- a/2021/29xxx/CVE-2021-29241.json
+++ b/2021/29xxx/CVE-2021-29241.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that may result in a denial of service (DoS)."
+                "value": "CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS)."
            }
        ]
    },
--- a/2021/37xxx/CVE-2021-37604.json
+++ b/2021/37xxx/CVE-2021-37604.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication."
+                "value": "In version 6.5 of our MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack."
            }
        ]
    },
@ -71,6 +71,11 @@
                "refsource": "MISC",
                "name": "https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads",
                "url": "https://www.microchip.com/en-us/development-tools-tools-and-software/libraries-code-examples-and-more/advanced-software-framework-for-sam-devices#Downloads"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability",
+                "url": "https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability"
            }
        ]
    }
--- a/2021/37xxx/CVE-2021-37605.json
+++ b/2021/37xxx/CVE-2021-37605.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication."
+                "value": "In version 6.5 of MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes."
            }
        ]
    },
@ -76,6 +76,11 @@
                "refsource": "MISC",
                "name": "https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf",
                "url": "https://ww1.microchip.com/downloads/en/DeviceDoc/asf-release-notes-3.51.0.101-readme.pdf"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability",
+                "url": "https://www.microchip.com/en-us/products/wireless-connectivity/software-vulnerability-response/miwi-software-vulnerability"
            }
        ]
    }
--- a/2021/44xxx/CVE-2021-44228.json
+++ b/2021/44xxx/CVE-2021-44228.json
@ -258,6 +258,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            }
        ]
    },
--- a/2021/45xxx/CVE-2021-45046.json
+++ b/2021/45xxx/CVE-2021-45046.json
@ -102,6 +102,11 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            }
        ]
    },