"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2022-05-20 14:01:46 +00:00 · 2022-05-20 14:01:46 +00:00 · 61ae950e76
commit 61ae950e76
parent 395b036561
33 changed files with 109 additions and 78 deletions
--- a/2019/10xxx/CVE-2019-10934.json
+++ b/2019/10xxx/CVE-2019-10934.json
@ -76,7 +76,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions), TIA Portal V17 (All versions). Changing the contents of a configuration file could allow an attacker to\nexecute arbitrary code with SYSTEM privileges.\n\nThe security vulnerability could be exploited by an attacker with a valid\naccount and limited access rights on the system. No user interaction is\nrequired.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known."
+                "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions), TIA Portal V17 (All versions). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known."
            }
        ]
    },
--- a/2019/13xxx/CVE-2019-13939.json
+++ b/2019/13xxx/CVE-2019-13939.json
@ -276,7 +276,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.\n\nThe vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack."
+                "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack."
            }
        ]
    },
--- a/2021/41xxx/CVE-2021-41545.json
+++ b/2021/41xxx/CVE-2021-41545.json
@ -83,9 +83,10 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf"
            }
        ]
    }
-}
+}
--- a/2022/24xxx/CVE-2022-24039.json
+++ b/2022/24xxx/CVE-2022-24039.json
@ -56,16 +56,17 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file.\n\nAn attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation."
+                "value": "A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The \u201caddCell\u201d JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator\u2019s workstation."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
            }
        ]
    }
-}
+}
--- a/2022/24xxx/CVE-2022-24040.json
+++ b/2022/24xxx/CVE-2022-24040.json
@ -76,16 +76,17 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account.\n\nAn attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account."
+                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
            }
        ]
    }
-}
+}
--- a/2022/24xxx/CVE-2022-24041.json
+++ b/2022/24xxx/CVE-2022-24041.json
@ -76,16 +76,17 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count.\n\nAn attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."
+                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
            }
        ]
    }
-}
+}
--- a/2022/24xxx/CVE-2022-24042.json
+++ b/2022/24xxx/CVE-2022-24042.json
@ -76,16 +76,17 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout.\n\nAn attacker could be able to capture this token and re-use old session credentials or session IDs for authorization."
+                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
            }
        ]
    }
-}
+}
--- a/2022/24xxx/CVE-2022-24043.json
+++ b/2022/24xxx/CVE-2022-24043.json
@ -76,15 +76,16 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames.\n\nA remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."
+                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
            }
        ]
    }
--- a/2022/24xxx/CVE-2022-24044.json
+++ b/2022/24xxx/CVE-2022-24044.json
@ -76,15 +76,16 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks.\n\nAn attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account."
+                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
            }
        ]
    }
--- a/2022/24xxx/CVE-2022-24045.json
+++ b/2022/24xxx/CVE-2022-24045.json
@ -76,15 +76,16 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as \u201cSecure\u201d, \u201cHttpOnly\u201d, or \u201cSameSite\u201d).\n\nAny attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information."
+                "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as \u201cSecure\u201d, \u201cHttpOnly\u201d, or \u201cSameSite\u201d). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdf"
            }
        ]
    }
--- a/2022/24xxx/CVE-2022-24287.json
+++ b/2022/24xxx/CVE-2022-24287.json
@ -103,8 +103,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf"
            }
        ]
    }
--- a/2022/24xxx/CVE-2022-24290.json
+++ b/2022/24xxx/CVE-2022-24290.json
@ -103,8 +103,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
            }
        ]
    }
--- a/2022/27xxx/CVE-2022-27242.json
+++ b/2022/27xxx/CVE-2022-27242.json
@ -53,8 +53,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf"
            }
        ]
    }
--- a/2022/27xxx/CVE-2022-27640.json
+++ b/2022/27xxx/CVE-2022-27640.json
@ -56,15 +56,16 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests.\n\nThis could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot."
+                "value": "A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf"
            }
        ]
    }
--- a/2022/27xxx/CVE-2022-27653.json
+++ b/2022/27xxx/CVE-2022-27653.json
@ -53,8 +53,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29028.json
+++ b/2022/29xxx/CVE-2022-29028.json
@ -73,8 +73,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29029.json
+++ b/2022/29xxx/CVE-2022-29029.json
@ -73,8 +73,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29030.json
+++ b/2022/29xxx/CVE-2022-29030.json
@ -73,8 +73,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29031.json
+++ b/2022/29xxx/CVE-2022-29031.json
@ -73,8 +73,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29032.json
+++ b/2022/29xxx/CVE-2022-29032.json
@ -73,8 +73,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29033.json
+++ b/2022/29xxx/CVE-2022-29033.json
@ -73,8 +73,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29801.json
+++ b/2022/29xxx/CVE-2022-29801.json
@ -56,15 +56,16 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an\nattacker to view files on the application server filesystem."
+                "value": "A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
            }
        ]
    },
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29872.json
+++ b/2022/29xxx/CVE-2022-29872.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29873.json
+++ b/2022/29xxx/CVE-2022-29873.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29874.json
+++ b/2022/29xxx/CVE-2022-29874.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29876.json
+++ b/2022/29xxx/CVE-2022-29876.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29877.json
+++ b/2022/29xxx/CVE-2022-29877.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29878.json
+++ b/2022/29xxx/CVE-2022-29878.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29879.json
+++ b/2022/29xxx/CVE-2022-29879.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29880.json
+++ b/2022/29xxx/CVE-2022-29880.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29881.json
+++ b/2022/29xxx/CVE-2022-29881.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29882.json
+++ b/2022/29xxx/CVE-2022-29882.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }
--- a/2022/29xxx/CVE-2022-29883.json
+++ b/2022/29xxx/CVE-2022-29883.json
@ -403,8 +403,9 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
-                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
+                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
                "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
            }
        ]
    }