From 650dc8c9bcccbc9dc78dba8698a2f5a039bf6f1c Mon Sep 17 00:00:00 2001
From: Cisco Talos CNA
Date: Wed, 25 May 2022 16:09:03 -0400
Subject: [PATCH] Submitting published CVEs
---
 2022/26xxx/CVE-2022-26026.json | 62 +++++++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26043.json | 62 +++++++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26067.json | 62 +++++++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26077.json | 62 +++++++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26082.json | 62 +++++++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26303.json | 62 +++++++++++++++++++++++++++++++---
 2022/26xxx/CVE-2022-26833.json | 62 +++++++++++++++++++++++++++++++---
 2022/27xxx/CVE-2022-27169.json | 62 +++++++++++++++++++++++++++++++---
 8 files changed, 464 insertions(+), 32 deletions(-)
diff --git a/2022/26xxx/CVE-2022-26026.json b/2022/26xxx/CVE-2022-26026.json
index 6bf70ac71f9..cafa71dc65e 100644
--- a/2022/26xxx/CVE-2022-26026.json
+++ b/2022/26xxx/CVE-2022-26026.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26026",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1491",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1491"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0112",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2022/26xxx/CVE-2022-26043.json b/2022/26xxx/CVE-2022-26043.json
index a6bbc212fdb..0d6266176a9 100644
--- a/2022/26xxx/CVE-2022-26043.json
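Review bot: `baseSeverity` is written in title case (`"High"`) in the added `impact.cvss` block, whereas the CVSS v3.0 JSON schema published by FIRST enumerates the severity ratings in upper case. A consumer that validates this field against that enum, or maps it with a case-sensitive lookup, may reject the record or fall back to an unknown severity, so I would write `"baseSeverity": "HIGH"` here. The same applies to the other seven records in this patch (`"Medium"` in CVE-2022-26067, `"Critical"` in CVE-2022-26082 and CVE-2022-26833, `"High"` in the rest). The `baseScore` values appear consistent with their `vectorString`, so tooling can also derive the rating from those two fields instead of trusting the label.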
+++ b/2022/26xxx/CVE-2022-26043.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26043",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1489",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1489"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0112",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
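Review bot: The `affects` block pins one exact build with `"version_affected": "="` (`V16.00.0112` here and in six other records, `V16.00.0121` in CVE-2022-26833), so the record says nothing about earlier or later builds. A scanner that matches on this field will flag only that build, and two different build numbers within one batch suggest these are the versions that were tested rather than the full affected range. If the first fixed build is known (it is not given on this page), I would add a `version_data` entry with `"version_affected": "<"` and that build as `version_value`. Otherwise the description should state that other versions were not evaluated, so that defenders do not read an unlisted build as unaffected.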
diff --git a/2022/26xxx/CVE-2022-26067.json b/2022/26xxx/CVE-2022-26067.json
index 03c23d7b97f..a5fe1554f4d 100644
--- a/2022/26xxx/CVE-2022-26067.json
+++ b/2022/26xxx/CVE-2022-26067.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26067",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1492"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 4.9,
+ "baseSeverity": "Medium",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0112",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2022/26xxx/CVE-2022-26077.json b/2022/26xxx/CVE-2022-26077.json
index 876cc159fd4..7209be62765 100644
--- a/2022/26xxx/CVE-2022-26077.json
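Review bot: The vector in this record carries `PR:H`, meaning high privileges are required, while the `problemtype` entry is `CWE-306: Missing Authentication for Critical Function`; the two state opposite preconditions. CVE-2022-26082 later in the patch has the same pairing (`PR:H` with CWE-306). Someone triaging from the record alone cannot tell whether the SecureTransferFiles file read needs valid credentials, which changes how exposure and compensating controls are assessed. I would reconcile the two against the referenced Talos report, either by correcting the vector or by replacing the CWE with one that describes a post-authentication flaw, and state the required privilege level in the `description` value.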
+++ b/2022/26xxx/CVE-2022-26077.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26077",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1490"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-319: Cleartext Transmission of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0112",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2022/26xxx/CVE-2022-26082.json b/2022/26xxx/CVE-2022-26082.json
index a47692237eb..1d14b6032fc 100644
--- a/2022/26xxx/CVE-2022-26082.json
+++ b/2022/26xxx/CVE-2022-26082.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26082",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1493"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 9.1,
+ "baseSeverity": "Critical",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0112",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2022/26xxx/CVE-2022-26303.json b/2022/26xxx/CVE-2022-26303.json
index 86e67d8a2dd..4065611ed47 100644
--- a/2022/26xxx/CVE-2022-26303.json
+++ b/2022/26xxx/CVE-2022-26303.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26303",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0112",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2022/26xxx/CVE-2022-26833.json b/2022/26xxx/CVE-2022-26833.json
index dd6b1bc787f..a73ec6f571d 100644
--- a/2022/26xxx/CVE-2022-26833.json
+++ b/2022/26xxx/CVE-2022-26833.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-26833",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1513"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 9.4,
+ "baseSeverity": "Critical",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0121",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2022/27xxx/CVE-2022-27169.json b/2022/27xxx/CVE-2022-27169.json
index afa92fc8d04..3a724bc8a10 100644
--- a/2022/27xxx/CVE-2022-27169.json
+++ b/2022/27xxx/CVE-2022-27169.json
@@ -1,18 +1,72 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-27169",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "DATE_PUBLIC": "2022-05-25",
+ "ASSIGNER": "talos-cna@cisco.com"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability."
 }
 ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1494"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": 7.5,
+ "baseSeverity": "High",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Open Automation Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OAS Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V16.00.0112",
+ "version_affected": "="
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 }
 }
\ No newline at end of file