From 61ae950e76258b80ebd7f8690c349dbf6c8a9fb8 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 20 May 2022 14:01:46 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/10xxx/CVE-2019-10934.json | 2 +-
 2019/13xxx/CVE-2019-13939.json | 2 +-
 2021/41xxx/CVE-2021-41545.json | 7 ++++---
 2022/24xxx/CVE-2022-24039.json | 9 +++++----
 2022/24xxx/CVE-2022-24040.json | 9 +++++----
 2022/24xxx/CVE-2022-24041.json | 9 +++++----
 2022/24xxx/CVE-2022-24042.json | 9 +++++----
 2022/24xxx/CVE-2022-24043.json | 7 ++++---
 2022/24xxx/CVE-2022-24044.json | 7 ++++---
 2022/24xxx/CVE-2022-24045.json | 7 ++++---
 2022/24xxx/CVE-2022-24287.json | 5 +++--
 2022/24xxx/CVE-2022-24290.json | 5 +++--
 2022/27xxx/CVE-2022-27242.json | 5 +++--
 2022/27xxx/CVE-2022-27640.json | 7 ++++---
 2022/27xxx/CVE-2022-27653.json | 5 +++--
 2022/29xxx/CVE-2022-29028.json | 5 +++--
 2022/29xxx/CVE-2022-29029.json | 5 +++--
 2022/29xxx/CVE-2022-29030.json | 5 +++--
 2022/29xxx/CVE-2022-29031.json | 5 +++--
 2022/29xxx/CVE-2022-29032.json | 5 +++--
 2022/29xxx/CVE-2022-29033.json | 5 +++--
 2022/29xxx/CVE-2022-29801.json | 7 ++++---
 2022/29xxx/CVE-2022-29872.json | 5 +++--
 2022/29xxx/CVE-2022-29873.json | 5 +++--
 2022/29xxx/CVE-2022-29874.json | 5 +++--
 2022/29xxx/CVE-2022-29876.json | 5 +++--
 2022/29xxx/CVE-2022-29877.json | 5 +++--
 2022/29xxx/CVE-2022-29878.json | 5 +++--
 2022/29xxx/CVE-2022-29879.json | 5 +++--
 2022/29xxx/CVE-2022-29880.json | 5 +++--
 2022/29xxx/CVE-2022-29881.json | 5 +++--
 2022/29xxx/CVE-2022-29882.json | 5 +++--
 2022/29xxx/CVE-2022-29883.json | 5 +++--
 33 files changed, 109 insertions(+), 78 deletions(-)
diff --git a/2019/10xxx/CVE-2019-10934.json b/2019/10xxx/CVE-2019-10934.json
index 13afa08fe09..bb030440bfc 100644
--- a/2019/10xxx/CVE-2019-10934.json
+++ b/2019/10xxx/CVE-2019-10934.json
@@ -76,7 +76,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions), TIA Portal V17 (All versions). Changing the contents of a configuration file could allow an attacker to\nexecute arbitrary code with SYSTEM privileges.\n\nThe security vulnerability could be exploited by an attacker with a valid\naccount and limited access rights on the system. No user interaction is\nrequired.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known."
+ "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions), TIA Portal V17 (All versions). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13939.json b/2019/13xxx/CVE-2019-13939.json
index 5ec260ee780..79a00ab0997 100644
--- a/2019/13xxx/CVE-2019-13939.json
+++ b/2019/13xxx/CVE-2019-13939.json
@@ -276,7 +276,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.\n\nThe vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack."
+ "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack."
 }
 ]
 },
diff --git a/2021/41xxx/CVE-2021-41545.json b/2021/41xxx/CVE-2021-41545.json
index 30237fa9c09..71605e9fc0d 100644
--- a/2021/41xxx/CVE-2021-41545.json
+++ b/2021/41xxx/CVE-2021-41545.json
@@ -83,9 +83,10 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2022/24xxx/CVE-2022-24039.json b/2022/24xxx/CVE-2022-24039.json
index 4a220d8754c..7c296d8ccc0 100644
--- a/2022/24xxx/CVE-2022-24039.json
+++ b/2022/24xxx/CVE-2022-24039.json
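Review bot: The `refsource` of the Siemens ProductCERT advisory link changes from `CONFIRM` to `MISC` in this hunk, which drops the marker that the reference is the vendor's own confirmation; a consumer that filters on `"refsource": "CONFIRM"` to find the authoritative advisory would presumably stop matching this record. The added `"name"` repeats the URL verbatim, so it adds no information; the advisory id visible in the URL (`ssa-662649`) would be a more useful value if the record format allows it. The closing `}` also loses its end-of-file newline here and in the CVE-2022-24039 through CVE-2022-24042 sections. The same `refsource`/`name` change recurs in every later `references` hunk of this patch.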
@@ -56,16 +56,17 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file.\n\nAn attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation."
+ "value": "A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2022/24xxx/CVE-2022-24040.json b/2022/24xxx/CVE-2022-24040.json
index 84fd7a9bd71..172e3127311 100644
--- a/2022/24xxx/CVE-2022-24040.json
+++ b/2022/24xxx/CVE-2022-24040.json
@@ -76,16 +76,17 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account.\n\nAn attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account."
+ "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2022/24xxx/CVE-2022-24041.json b/2022/24xxx/CVE-2022-24041.json
index c78769fcce5..b35f82707ad 100644
--- a/2022/24xxx/CVE-2022-24041.json
+++ b/2022/24xxx/CVE-2022-24041.json
@@ -76,16 +76,17 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count.\n\nAn attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."
+ "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2022/24xxx/CVE-2022-24042.json b/2022/24xxx/CVE-2022-24042.json
index 76a73b6667f..30463656bf4 100644
--- a/2022/24xxx/CVE-2022-24042.json
+++ b/2022/24xxx/CVE-2022-24042.json
@@ -76,16 +76,17 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout.\n\nAn attacker could be able to capture this token and re-use old session credentials or session IDs for authorization."
+ "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2022/24xxx/CVE-2022-24043.json b/2022/24xxx/CVE-2022-24043.json
index 51943922513..8226b7e0a7f 100644
--- a/2022/24xxx/CVE-2022-24043.json
+++ b/2022/24xxx/CVE-2022-24043.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames.\n\nA remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."
+ "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24044.json b/2022/24xxx/CVE-2022-24044.json
index 18f679aa20a..39f822c0f05 100644
--- a/2022/24xxx/CVE-2022-24044.json
+++ b/2022/24xxx/CVE-2022-24044.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks.\n\nAn attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account."
+ "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24045.json b/2022/24xxx/CVE-2022-24045.json
index 2c9a28a6ce2..26f66d88630 100644
--- a/2022/24xxx/CVE-2022-24045.json
+++ b/2022/24xxx/CVE-2022-24045.json
@@ -76,15 +76,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as \u201cSecure\u201d, \u201cHttpOnly\u201d, or \u201cSameSite\u201d).\n\nAny attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information."
+ "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as \u201cSecure\u201d, \u201cHttpOnly\u201d, or \u201cSameSite\u201d). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24287.json b/2022/24xxx/CVE-2022-24287.json
index 892487bf58b..c553bb0b978 100644
--- a/2022/24xxx/CVE-2022-24287.json
+++ b/2022/24xxx/CVE-2022-24287.json
@@ -103,8 +103,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf"
 }
 ]
 }
diff --git a/2022/24xxx/CVE-2022-24290.json b/2022/24xxx/CVE-2022-24290.json
index cad078f007e..e0928175ed4 100644
--- a/2022/24xxx/CVE-2022-24290.json
+++ b/2022/24xxx/CVE-2022-24290.json
@@ -103,8 +103,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27242.json b/2022/27xxx/CVE-2022-27242.json
index 1e7fae84bc0..edc75d514f3 100644
--- a/2022/27xxx/CVE-2022-27242.json
+++ b/2022/27xxx/CVE-2022-27242.json
@@ -53,8 +53,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf"
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27640.json b/2022/27xxx/CVE-2022-27640.json
index 6b900d3ef6c..29239ac10d1 100644
--- a/2022/27xxx/CVE-2022-27640.json
+++ b/2022/27xxx/CVE-2022-27640.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests.\n\nThis could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot."
+ "value": "A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf"
 }
 ]
 }
diff --git a/2022/27xxx/CVE-2022-27653.json b/2022/27xxx/CVE-2022-27653.json
index f0c87290b26..3e7b796882d 100644
--- a/2022/27xxx/CVE-2022-27653.json
+++ b/2022/27xxx/CVE-2022-27653.json
@@ -53,8 +53,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29028.json b/2022/29xxx/CVE-2022-29028.json
index 0ee3f8ac3ee..562f35f670d 100644
--- a/2022/29xxx/CVE-2022-29028.json
+++ b/2022/29xxx/CVE-2022-29028.json
@@ -73,8 +73,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29029.json b/2022/29xxx/CVE-2022-29029.json
index 51c7bfbdafa..d41cca31f28 100644
--- a/2022/29xxx/CVE-2022-29029.json
+++ b/2022/29xxx/CVE-2022-29029.json
@@ -73,8 +73,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29030.json b/2022/29xxx/CVE-2022-29030.json
index d318f8d4d1a..aef77a7b727 100644
--- a/2022/29xxx/CVE-2022-29030.json
+++ b/2022/29xxx/CVE-2022-29030.json
@@ -73,8 +73,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29031.json b/2022/29xxx/CVE-2022-29031.json
index 09ccaea3047..e6738d34579 100644
--- a/2022/29xxx/CVE-2022-29031.json
+++ b/2022/29xxx/CVE-2022-29031.json
@@ -73,8 +73,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29032.json b/2022/29xxx/CVE-2022-29032.json
index 9f9e49cacc5..271f03995f5 100644
--- a/2022/29xxx/CVE-2022-29032.json
+++ b/2022/29xxx/CVE-2022-29032.json
@@ -73,8 +73,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29033.json b/2022/29xxx/CVE-2022-29033.json
index 160fca4300a..8e8d00f6429 100644
--- a/2022/29xxx/CVE-2022-29033.json
+++ b/2022/29xxx/CVE-2022-29033.json
@@ -73,8 +73,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29801.json b/2022/29xxx/CVE-2022-29801.json
index 70309411850..2d82a221094 100644
--- a/2022/29xxx/CVE-2022-29801.json
+++ b/2022/29xxx/CVE-2022-29801.json
@@ -56,15 +56,16 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an\nattacker to view files on the application server filesystem."
+ "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
 }
 ]
 },
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29872.json b/2022/29xxx/CVE-2022-29872.json
index 7a0d32bbce7..f8988d7a09f 100644
--- a/2022/29xxx/CVE-2022-29872.json
+++ b/2022/29xxx/CVE-2022-29872.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29873.json b/2022/29xxx/CVE-2022-29873.json
index e92a8913414..77bc01e5d62 100644
--- a/2022/29xxx/CVE-2022-29873.json
+++ b/2022/29xxx/CVE-2022-29873.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29874.json b/2022/29xxx/CVE-2022-29874.json
index 9c15bb6a162..62ad33912ce 100644
--- a/2022/29xxx/CVE-2022-29874.json
+++ b/2022/29xxx/CVE-2022-29874.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29876.json b/2022/29xxx/CVE-2022-29876.json
index 1c710b96595..a2e9f4b5235 100644
--- a/2022/29xxx/CVE-2022-29876.json
+++ b/2022/29xxx/CVE-2022-29876.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29877.json b/2022/29xxx/CVE-2022-29877.json
index 0eefa19a3e8..beec72e8115 100644
--- a/2022/29xxx/CVE-2022-29877.json
+++ b/2022/29xxx/CVE-2022-29877.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29878.json b/2022/29xxx/CVE-2022-29878.json
index 8be946c7464..12356bb20ee 100644
--- a/2022/29xxx/CVE-2022-29878.json
+++ b/2022/29xxx/CVE-2022-29878.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29879.json b/2022/29xxx/CVE-2022-29879.json
index 18049dbafdc..f9b8f1da799 100644
--- a/2022/29xxx/CVE-2022-29879.json
+++ b/2022/29xxx/CVE-2022-29879.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29880.json b/2022/29xxx/CVE-2022-29880.json
index dabc13ebc5d..b454b2a8d38 100644
--- a/2022/29xxx/CVE-2022-29880.json
+++ b/2022/29xxx/CVE-2022-29880.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29881.json b/2022/29xxx/CVE-2022-29881.json
index 47a612f9831..124fe4d7d35 100644
--- a/2022/29xxx/CVE-2022-29881.json
+++ b/2022/29xxx/CVE-2022-29881.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29882.json b/2022/29xxx/CVE-2022-29882.json
index 739127fda27..f2fb5a0483c 100644
--- a/2022/29xxx/CVE-2022-29882.json
+++ b/2022/29xxx/CVE-2022-29882.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }
diff --git a/2022/29xxx/CVE-2022-29883.json b/2022/29xxx/CVE-2022-29883.json
index 029c7f5aaba..70c4b7e6718 100644
--- a/2022/29xxx/CVE-2022-29883.json
+++ b/2022/29xxx/CVE-2022-29883.json
@@ -403,8 +403,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+ "refsource": "MISC",
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
+ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
 }
 ]
 }