admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-22 23:00:31 +00:00
parent 773c40ba6f
commit 5d6a717f58
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 800 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

269
2024/11xxx/CVE-2024-11630.json
View File

@ -1,17 +1,278 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11630",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 bis 3.2 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente OEM Backend. Durch Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme werden Anpassungen an der Konfiguration empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard-coded Credentials",
"cweId": "CWE-798"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Password",
"cweId": "CWE-259"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "E-Lins",
"product": {
"product_data": [
{
"product_name": "H685",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H685f",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H700",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H720",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H750",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H820",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H820Q",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H820Q0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
},
{
"product_name": "H900",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
},
{
"version_affected": "=",
"version_value": "3.1"
},
{
"version_affected": "=",
"version_value": "3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.285916",
"refsource": "MISC",
"name": "https://vuldb.com/?id.285916"
},
{
"url": "https://vuldb.com/?ctiid.285916",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.285916"
},
{
"url": "https://vuldb.com/?submit.444738",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.444738"
},
{
"url": "https://github.com/I3eg1nner/iot-vuln/blob/main/E-lins/Hard-Coded%20Credential%20Vulnerability%20in%20E-Lins%20Routers.md",
"refsource": "MISC",
"name": "https://github.com/I3eg1nner/iot-vuln/blob/main/E-lins/Hard-Coded%20Credential%20Vulnerability%20in%20E-Lins%20Routers.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "liutong (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

111
2024/45xxx/CVE-2024-45369.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-45369",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA",
"product": {
"product_data": [
{
"product_name": "myPRO Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3"
}
]
}
},
{
"product_name": "myPRO Runtime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-326-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>mySCADA recommends updating to the latest versions:</p><ul><li>mySCADA PRO Manager <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">1.3</a></li><li>mySCADA PRO Runtime <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">9.2.1</a></li></ul>\n\n<br>"
}
],
"value": "mySCADA recommends updating to the latest versions:\n\n * mySCADA PRO Manager 1.3 https://www.myscada.org/resources/ \n * mySCADA PRO Runtime 9.2.1 https://www.myscada.org/resources/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

111
2024/47xxx/CVE-2024-47138.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA",
"product": {
"product_data": [
{
"product_name": "myPRO Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3"
}
]
}
},
{
"product_name": "myPRO Runtime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-326-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>mySCADA recommends updating to the latest versions:</p><ul><li>mySCADA PRO Manager <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">1.3</a></li><li>mySCADA PRO Runtime <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">9.2.1</a></li></ul>\n\n<br>"
}
],
"value": "mySCADA recommends updating to the latest versions:\n\n * mySCADA PRO Manager 1.3 https://www.myscada.org/resources/ \n * mySCADA PRO Runtime 9.2.1 https://www.myscada.org/resources/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

111
2024/47xxx/CVE-2024-47407.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47407",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA",
"product": {
"product_data": [
{
"product_name": "myPRO Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3"
}
]
}
},
{
"product_name": "myPRO Runtime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-326-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>mySCADA recommends updating to the latest versions:</p><ul><li>mySCADA PRO Manager <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">1.3</a></li><li>mySCADA PRO Runtime <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">9.2.1</a></li></ul>\n\n<br>"
}
],
"value": "mySCADA recommends updating to the latest versions:\n\n * mySCADA PRO Manager 1.3 https://www.myscada.org/resources/ \n * mySCADA PRO Runtime 9.2.1 https://www.myscada.org/resources/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

111
2024/50xxx/CVE-2024-50054.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-50054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-35",
"cweId": "CWE-35"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA",
"product": {
"product_data": [
{
"product_name": "myPRO Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3"
}
]
}
},
{
"product_name": "myPRO Runtime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-326-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>mySCADA recommends updating to the latest versions:</p><ul><li>mySCADA PRO Manager <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">1.3</a></li><li>mySCADA PRO Runtime <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">9.2.1</a></li></ul>\n\n<br>"
}
],
"value": "mySCADA recommends updating to the latest versions:\n\n * mySCADA PRO Manager 1.3 https://www.myscada.org/resources/ \n * mySCADA PRO Runtime 9.2.1 https://www.myscada.org/resources/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

111
2024/52xxx/CVE-2024-52034.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52034",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA",
"product": {
"product_data": [
{
"product_name": "myPRO Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3"
}
]
}
},
{
"product_name": "myPRO Runtime",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-24-326-07",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>mySCADA recommends updating to the latest versions:</p><ul><li>mySCADA PRO Manager <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">1.3</a></li><li>mySCADA PRO Runtime <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/resources/\">9.2.1</a></li></ul>\n\n<br>"
}
],
"value": "mySCADA recommends updating to the latest versions:\n\n * mySCADA PRO Manager 1.3 https://www.myscada.org/resources/ \n * mySCADA PRO Runtime 9.2.1 https://www.myscada.org/resources/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}