admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-12-12 20:01:12 +00:00
parent eccf0f50b1
commit 5d46e33887
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
83 changed files with 676 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
2013/3xxx/CVE-2013-3633.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3633",
"STATE": "PUBLIC"
},
@ -11,31 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1.0"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -46,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-603: Use of Client-Side Authentication"
"value": "n/a"
}
]
}
@ -56,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly\nverified on server side. Therefore, an attacker is able to execute privileged commands\nusing an unprivileged account. \n"
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
]
}

29
2013/3xxx/CVE-2013-3634.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3634",
"STATE": "PUBLIC"
},
@ -11,31 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1.0"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -46,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
"value": "n/a"
}
]
}
@ -56,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently.\nTherefore, an attacker is able to execute SNMP commands without correct credentials. \n"
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
]
}

47
2016/8xxx/CVE-2016-8672.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8672",
"STATE": "PUBLIC"
},
@ -11,51 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant)",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.53"
}
]
}
},
{
"product_name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17"
}
]
}
},
{
"product_name": "SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -66,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
"value": "n/a"
}
]
}
@ -83,8 +53,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf"
}
]
}

47
2016/8xxx/CVE-2016-8673.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8673",
"STATE": "PUBLIC"
},
@ -11,51 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant)",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.53"
}
]
}
},
{
"product_name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.17"
}
]
}
},
{
"product_name": "SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "n/a"
}
]
}
}
]
}
},
"vendor_name": "n/a"
}
]
}
@ -66,7 +36,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity"
"value": "n/a"
}
]
}
@ -83,8 +53,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf"
}
]
}

12
2018/4xxx/CVE-2018-4832.json
View File

@ -306,19 +306,21 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions). Specially crafted messages sent to the RPC service of the affected products could\ncause a Denial-of-Service condition on the remote and local communication functionality of the\naffected products. A reboot of the system is required to recover the remote and local \ncommunication functionality.\n\nPlease note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
"value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf"
}
]
}

12
2019/10xxx/CVE-2019-10929.json
View File

@ -196,19 +196,21 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC OA (All versions <= 3.16 patch version 12), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network\ntraffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC\nS7-1500 and SIMATIC SoftwareController CPU families, due to certain\nproperties in the calculation used for integrity protection. \n\nIn order to exploit the vulnerability, an attacker must be able to perform a\nMan-in-the-Middle attack. The vulnerability could impact the integrity of the\ncommunication. \n\nNo public exploitation of the vulnerability was known at the time of advisory\npublication.\n"
"value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC OA (All versions <= 3.16 patch version 12), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf"
}
]
}

5
2019/10xxx/CVE-2019-10930.json
View File

@ -83,8 +83,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
]
}

5
2019/10xxx/CVE-2019-10931.json
View File

@ -83,8 +83,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
]
}

7
2019/10xxx/CVE-2019-10938.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. \n\nAt the time of advisory publication no public exploitation of this security vulnerability was known.\n"
"value": "A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
}
]
}

7
2019/10xxx/CVE-2019-10943.json
View File

@ -96,15 +96,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions). An attacker with network access to port 102/tcp could potentially modify the\nuser program on the PLC in a way that the running code is different from the\nsource code which is stored on the device.\n\nAn attacker must have network access to affected devices and must be able to\nperform changes to the user program. The vulnerability could impact the\nperceived integrity of the user program stored on the CPU. An engineer that\ntries to obtain the code of the user program running on the device, can\nreceive different source code that is not actually running on the device.\n\nNo public exploitation of the vulnerability was known at the time of advisory\npublication.\n"
"value": "A vulnerability has been identified in SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13930.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack\nif an unsuspecting user is tricked into accessing a malicious link.\n\nSuccessful exploitation requires user interaction by a legitimate user,\nwho must be authenticated to the web interface. A successful attack could\nallow an attacker to trigger actions via the web interface that the legitimate\nuser is allowed to perform. This could allow the attacker to read or modify\ncontents of the web application.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
"value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13931.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the\ninput in a form that is not expected, causing the application\nto behave in unexpected ways for legitimate users.\n\nSuccessful exploitation requires for an attacker to be authenticated \nto the web interface. A successful attack could cause the application\nto have unexpected behavior. This could allow the attacker to modify\ncontents of the web application.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
"value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow for an an attacker to craft the input in a form that is not expected, causing the application to behave in unexpected ways for legitimate users. Successful exploitation requires for an attacker to be authenticated to the web interface. A successful attack could cause the application to have unexpected behavior. This could allow the attacker to modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13932.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the\nthe application to behave in unexpected ways for legitimate users.\n\nSuccessful exploitation does not require for an attacker to be\nauthenticated. A successful attack could allow the import of\nscripts or generation of malicious links. This could allow the\nattacker to read or modify contents of the web application.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
"value": "A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13942.json
View File

@ -86,15 +86,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected\ndevices must be restarted manually to fully recover. \n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13943.json
View File

@ -86,15 +86,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify\ncontent of particular web pages, causing the application to behave in unexpected ways for legitimate\nusers. Successful exploitation does not require for an attacker to be authenticated to the web interface. \nThis could allow the attacker to read or modify contents of the web application.\n\nAt the time of advisory publication no public exploitation of this security.\nvulnerability was known. \n"
"value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security. vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13944.json
View File

@ -86,15 +86,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server \nof the affected devices could allow unauthorized attackers to obtain sensitive \ninformation about the device, including logs and configurations.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13945.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows\nadditional diagnostic functionality.\n\nThe security vulnerability could be exploited by an attacker with physical access\nto the UART interface during boot process.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13947.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The user configuration menu in the web interface of the SiNVR 3\nCentral Control Server (CCS) transfers user passwords in clear to the\nclient (browser).\n\nAn attacker with administrative privileges for the web interface could be\nable to read (and not only reset) passwords of other SiNVR 3 CCS users.\n"
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The user configuration menu in the web interface of the SiNVR 3 Central Control Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other SiNVR 3 CCS users."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18283.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An\nattacker can gain remote code execution by sending specifically crafted\nobjects to one of its functions.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18284.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An\nattacker can use methods exposed via this interface to receive password hashes\nof other users and to change user passwords.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18285.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is\nunencrypted. An attacker with access to the communication channel can\nread credentials of a valid user.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18286.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing\nsensitive information.\n\nThis vulnerability is independent from CVE-2019-18287.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18287. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18287.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing\nsensitive information.\n\nThis vulnerability is independent from CVE-2019-18286.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). The Application Server exposes directory listings and files containing sensitive information. This vulnerability is independent from CVE-2019-18286. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18288.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with valid authentication at the RMI interface could be able to\ngain remote code execution through an unsecured file upload.\n\nPlease note that an attacker needs to have access to the Application Highway\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18289.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18293, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18290.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18291.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18292.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18293.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18295, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18294.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18295.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18296. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18296.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition and potentially gain remote code execution\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18289, CVE-2019-18293, and CVE-2019-18295. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18297.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain\nroot privileges\nby sending specifically crafted packets to a named pipe.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and low privileges could gain root privileges by sending specifically crafted packets to a named pipe. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18298.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18299.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18300.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18301.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18302.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18303.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302,\nCVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18304.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18305, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18305.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18306, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18306.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, and CVE-2019-18307.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18307.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294,\nCVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303,\nCVE-2019-18304, CVE-2019-18305, and CVE-2019-18306.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, and CVE-2019-18306. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18308.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could\ngain root privileges by manipulating specific files in the local file system.\n\nThis vulnerability is independent from CVE-2019-18309.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18309. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18309.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could\ngain root privileges by manipulating specific files in the local file system.\n\nThis vulnerability is independent from CVE-2019-18308.\n\nPlease note that an attacker needs to have local access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with local access to the MS3000 Server and a low privileged user account could gain root privileges by manipulating specific files in the local file system. This vulnerability is independent from CVE-2019-18308. Please note that an attacker needs to have local access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18310.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 7061/tcp.\n\nThis vulnerability is independent from CVE-2019-18311.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18311. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18311.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a\nDenial-of-Service condition\nby sending specifically crafted packets to port 7061/tcp.\n\nThis vulnerability is independent from CVE-2019-18310.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18312.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running\nRPC services.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to enumerate running RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18313.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code\nexecution\nby sending specifically crafted objects to one of the RPC services.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could gain remote code execution by sending specifically crafted objects to one of the RPC services. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18314.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted objects via RMI.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted objects via RMI. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18315.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted packets to 8888/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 8888/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18316.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain\nremote code execution\nby sending specifically crafted packets to 1099/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain remote code execution by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18317.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18318 and CVE-2019-18319.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18318 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18318.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server can cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18317 and CVE-2019-18319.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server can cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18319. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18319.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause\na Denial-of-Service condition\nby sending specifically crafted objects via RMI.\n\nThis vulnerability is independent from CVE-2019-18317 and CVE-2019-18318.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could cause a Denial-of-Service condition by sending specifically crafted objects via RMI. This vulnerability is independent from CVE-2019-18317 and CVE-2019-18318. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18320.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to upload\narbitrary files without authentication.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18321.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18322.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18322. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18322.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system\nby sending specifically crafted packets to port 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18321.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could be able to read and write arbitrary files on the local file system by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18321. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18323.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18324.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18325.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18326.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18327, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18327.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18328, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18328.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18329, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18329.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18330. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18330.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service\ncondition and potentially gain remote code execution \nby sending specifically crafted packets to 5010/tcp.\n\nThis vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329.\n\nPlease note that an attacker needs to have network access to the MS3000\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18331.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access\nto path and filenames on the server\nby sending specifically crafted packets to 1099/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to path and filenames on the server by sending specifically crafted packets to 1099/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18332.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access\nto directory listings of the server\nby sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to directory listings of the server by sending specifically crafted packets to 80/tcp, 8095/tcp or 8080/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18333.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access\nto filenames on the server\nby sending specifically crafted packets to 8090/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could gain access to filenames on the server by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18334.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to enumerate valid user names\nby sending specifically crafted packets to 8090/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to enumerate valid user names by sending specifically crafted packets to 8090/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18335.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to gain access\nto logs and configuration files\nby sending specifically crafted packets to 80/tcp.\n\nPlease note that an attacker needs to have network access to the Application Server\nin order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions). An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18337.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nA remote attacker with network access to the CCS server could \nexploit this vulnerability to read the CCS users database, including\nthe passwords of all users in obfuscated cleartext.\n"
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18338.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains a directory traversal\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nAn authenticated remote attacker with network access to the CCS server\ncould exploit this vulnerability to list arbitrary directories\nor read files outside of the CCS application context.\n"
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18339.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiNVR users database, including\nthe passwords of all users in obfuscated cleartext.\n"
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18340.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). Both the SiNVR 3 Video Server and the Central Control Server (CCS) store\nuser and device passwords by applying weak cryptography.\n\nA local attacker could exploit this vulnerability to extract\nthe passwords from the user database and/or the device configuration files\nto conduct further attacks.\n"
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). Both the SiNVR 3 Video Server and the Central Control Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18341.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server\n(CCS) contains an authentication bypass vulnerability.\n\nA remote attacker with network access to the CCS server could \nexploit this vulnerability to read data from the EDIR directory\n(for example, the list of all configured stations).\n"
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations)."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}

7
2019/18xxx/CVE-2019-18342.json
View File

@ -56,15 +56,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server\n(CCS) does not properly limit its capabilities to the specified purpose.\n\nIn conjunction with CVE-2019-18341, an unauthenticated remote attacker with\nnetwork access to the CCS server could exploit this vulnerability\nto read or delete arbitrary files, or access other resources on the same\nserver.\n"
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
}
]
}

82
2019/19xxx/CVE-2019-19767.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.2"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205707",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=205707"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205609",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=205609"
},
{
"url": "https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a"
}
]
}
}

62
2019/19xxx/CVE-2019-19768.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205711",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=205711"
}
]
}
}

62
2019/19xxx/CVE-2019-19769.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205705",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=205705"
}
]
}
}

62
2019/19xxx/CVE-2019-19770.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=205713",
"refsource": "MISC",
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=205713"
}
]
}
}

67
2019/19xxx/CVE-2019-19771.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.npmjs.com/package/lodahs",
"refsource": "MISC",
"name": "https://www.npmjs.com/package/lodahs"
},
{
"url": "https://www.npmjs.com/advisories/1417",
"refsource": "MISC",
"name": "https://www.npmjs.com/advisories/1417"
}
]
}
}

12
2019/6xxx/CVE-2019-6568.json
View File

@ -756,19 +756,21 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. The webserver of the affected devices contains a vulnerability that may lead to\na denial-of-service condition. An attacker may cause a denial-of-service\nsituation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
"value": "A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
}
]
}