admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-18 16:00:54 +00:00
parent 98dd961d83
commit 69e83dccd2
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
8 changed files with 1012 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
2023/50xxx/CVE-2023-50956.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-50956",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 \n\ncould allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Plaintext Storage of a Password",
"cweId": "CWE-256"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Storage Defender - Resiliency Service",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7178587",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7178587"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

216
2024/12xxx/CVE-2024-12371.json
View File

@ -1,18 +1,226 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "PM1k 1408-BC3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-BC3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TS3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TS3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR1A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR2A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<v4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM1A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM2A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR1A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR2A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM1A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM2A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1714",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p>Affected Products</p></td><td><p>Affected firmware revision</p></td><td><p>Corrected in firmware revision</p></td></tr><tr><td><p>PM1k 1408-BC3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-BC3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-485<b></b></p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr></tbody></table>\n\n<br>\n\n<p><b>Mitigations and Workarounds</b></p><p>Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. &nbsp; </p><p>\u00b7 &nbsp; &nbsp; &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>\n\n<br>"
}
],
"value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n<4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
}

216
2024/12xxx/CVE-2024-12372.json
View File

@ -1,18 +1,226 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "PM1k 1408-BC3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-BC3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TS3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TS3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR1A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR2A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<v4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM1A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM2A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR1A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR2A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM1A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM2A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1714",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p>Affected Products</p></td><td><p>Affected firmware revision</p></td><td><p>Corrected in firmware revision</p></td></tr><tr><td><p>PM1k 1408-BC3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-BC3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-485<b></b></p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr></tbody></table>\n\n<br>\n\n<p><b>Mitigations and Workarounds</b></p><p>Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. &nbsp; </p><p>\u00b7 &nbsp; &nbsp; &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>\n\n<br>"
}
],
"value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n<4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
}

216
2024/12xxx/CVE-2024-12373.json
View File

@ -1,18 +1,226 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "PM1k 1408-BC3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-BC3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TS3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TS3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM3A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM3A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR1A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR2A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<v4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM1A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM2A-485",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR1A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-TR2A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM1A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
},
{
"product_name": "PM1k 1408-EM2A-ENT",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<4.020"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html",
"refsource": "MISC",
"name": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1714.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "SD1714",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<table><tbody><tr><td><p>Affected Products</p></td><td><p>Affected firmware revision</p></td><td><p>Corrected in firmware revision</p></td></tr><tr><td><p>PM1k 1408-BC3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-BC3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TS3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM3A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-485<b></b></p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-485</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-TR2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM1A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr><tr><td><p>PM1k 1408-EM2A-ENT</p></td><td><p>&lt;4.020</p></td><td><p>4.020</p></td></tr></tbody></table>\n\n<br>\n\n<p><b>Mitigations and Workarounds</b></p><p>Users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. &nbsp; </p><p>\u00b7 &nbsp; &nbsp; &nbsp; <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\">Security Best Practices</a></p>\n\n<br>"
}
],
"value": "Affected Products\n\nAffected firmware revision\n\nCorrected in firmware revision\n\nPM1k 1408-BC3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-BC3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TS3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM3A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-485\n\n<4.020\n\n4.020\n\nPM1k 1408-TR1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-TR2A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM1A-ENT\n\n<4.020\n\n4.020\n\nPM1k 1408-EM2A-ENT\n\n<4.020\n\n4.020\n\n\n\n\n\n\nMitigations and Workarounds\n\nUsers using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible. \u00a0 \n\n\u00b7 \u00a0 \u00a0 \u00a0 Security Best Practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
}
]
}

79
2024/47xxx/CVE-2024-47119.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Storage Defender - Resiliency Service",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7178587",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7178587"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

78
2024/47xxx/CVE-2024-47810.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47810",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Foxit",
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024.3.0.26795"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by KPC of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

78
2024/49xxx/CVE-2024-49576.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49576",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Foxit",
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2024.3.0.26795"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by KPC of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

79
2024/52xxx/CVE-2024-52361.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 \n\n\n\n\u00a0stores user credentials in plain text which can be read by an authenticated user with access to the pod."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Plaintext Storage of a Password",
"cweId": "CWE-256"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Storage Defender - Resiliency Service",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7178587",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7178587"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}