admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-14 20:00:53 +00:00
parent ff85b5a6f3
commit 81d6e59040
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
29 changed files with 1398 additions and 1233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2018/16xxx/CVE-2018-16556.json
View File

@ -8,62 +8,63 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-400 (incl. F) V6 and below",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400H V4.5 and below",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400H V6",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V6.0.9"
"version_value": "All versions < V6.0.9"
}
]
}
},
{
{
"product_name": "SIMATIC S7-410",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V8.2.1"
"version_value": "All versions < V8.2.1"
}
]
}
} ]
}
]
}
}
]
@ -82,15 +83,16 @@
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
]
},
@ -98,8 +100,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation.\n\nSuccessful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

67
2018/16xxx/CVE-2018-16557.json
View File

@ -8,62 +8,63 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-400 (incl. F) V6 and below",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400H V4.5 and below",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400H V6",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V6.0.9"
"version_value": "All versions < V6.0.9"
}
]
}
},
{
{
"product_name": "SIMATIC S7-410",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V8.2.1"
"version_value": "All versions < V8.2.1"
}
]
}
} ]
}
]
}
}
]
@ -82,15 +83,16 @@
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
}
]
},
@ -98,9 +100,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU.\n\nSuccessful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

48
2018/16xxx/CVE-2018-16656.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16656",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://mars-cheng.github.io/blog/2019/CVE-2018-16656",
"url": "https://mars-cheng.github.io/blog/2019/CVE-2018-16656"
}
]
}

135
2018/4xxx/CVE-2018-4843.json
View File

@ -8,152 +8,153 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC CP 343-1 Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC CP 343-1 Standard",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC CP 443-1 Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC CP 443-1 Standard",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-1500 Software Controller incl. F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V1.7.0"
"version_value": "All versions < V1.7.0"
}
]
}
},
{
{
"product_name": "SIMATIC S7-1500 incl. F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V1.7.0"
"version_value": "All versions < V1.7.0"
}
]
}
},
{
{
"product_name": "SIMATIC S7-300 incl. F and T",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V3.X.16"
"version_value": "All versions < V3.X.16"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400 H V6",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V6.0.9"
"version_value": "All versions < V6.0.9"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400 PN/DP V6 Incl. F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V6.0.7"
"version_value": "All versions < V6.0.7"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400 PN/DP V7 Incl. F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-410",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V8.1"
"version_value": "All versions < V8.1"
}
]
}
},
{
{
"product_name": "SIMATIC WinAC RTX 2010 incl. F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINUMERIK 828D",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V4.7 SP6 HF1"
"version_value": "All versions < V4.7 SP6 HF1"
}
]
}
},
{
{
"product_name": "Softnet PROFINET IO for PC-based Windows systems",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -172,10 +173,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
}
]
},
@ -183,9 +185,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system.\n\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected."
"value": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected."
}
]
}
}
}

5
2018/7xxx/CVE-2018-7765.json
View File

@ -57,6 +57,11 @@
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
},
{
"refsource": "FULLDISC",
"name": "20190514 [CVE-2018-7841] Schneider Electric U.Motion Builder <= 1.3.4 track_import_export.php object_id Unauthenticated Command Injection",
"url": "http://seclists.org/fulldisclosure/2019/May/26"
}
]
}

119
2019/10xxx/CVE-2019-10916.json
View File

@ -8,132 +8,133 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.2",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V9.0",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.4",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.5",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V7.5 Upd3"
"version_value": "All versions < V7.5 Upd3"
}
]
}
} ]
}
]
}
}
]
@ -152,10 +153,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -163,9 +165,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 Upd3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server.\n\nThe vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 Upd3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

119
2019/10xxx/CVE-2019-10917.json
View File

@ -8,132 +8,133 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.2",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V9.0",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.4",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.5",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V7.5 Upd3"
"version_value": "All versions < V7.5 Upd3"
}
]
}
} ]
}
]
}
}
]
@ -152,10 +153,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -163,9 +165,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 Upd3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded.\n\nSuccessful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 Upd3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

118
2019/10xxx/CVE-2019-10918.json
View File

@ -8,132 +8,133 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.2",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V9.0",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.4",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.5",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V7.5 Upd3"
"version_value": "All versions < V7.5 Upd3"
}
]
}
} ]
}
]
}
}
]
@ -152,10 +153,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -163,8 +165,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 Upd3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges.\n\nThe vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 Upd3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

30
2019/10xxx/CVE-2019-10919.json
View File

@ -8,22 +8,23 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "LOGO!8 BM",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -42,10 +43,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
}
]
},
@ -53,8 +55,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO!8 BM (All versions). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port.\n\nThe security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in LOGO!8 BM (All versions). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files from the devices. The system manual recommends to protect access to this port. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

30
2019/10xxx/CVE-2019-10920.json
View File

@ -8,22 +8,23 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "LOGO!8 BM",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -42,10 +43,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
}
]
},
@ -53,8 +55,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO!8 BM (All versions). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key.\n\nThe security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in LOGO!8 BM (All versions). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

31
2019/10xxx/CVE-2019-10921.json
View File

@ -8,22 +8,23 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "LOGO!8 BM",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -42,10 +43,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
}
]
},
@ -53,9 +55,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO!8 BM (All versions). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device.\n\nThe security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known"
"value": "A vulnerability has been identified in LOGO!8 BM (All versions). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known"
}
]
}
}
}

55
2019/10xxx/CVE-2019-10922.json
View File

@ -8,52 +8,53 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1 and newer",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3 and newer",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -72,10 +73,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf"
}
]
},
@ -83,9 +85,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without \"Encrypted Communication\", can execute arbitrary code.\n\nThe security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 and newer (All versions). An attacker with network access to affected installations, which are configured without \"Encrypted Communication\", can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

30
2019/10xxx/CVE-2019-10924.json
View File

@ -8,22 +8,23 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "LOGO! Soft Comfort",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -42,10 +43,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf"
}
]
},
@ -53,8 +55,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project.\n\nIn order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. In order to exploit the vulnerability, a valid user must open a manipulated project file. No further privileges are required on the target system. The vulnerability could compromise the confidentiality, integrity and availability of the engineering station. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

154
2019/11xxx/CVE-2019-11204.json
View File

@ -1,95 +1,99 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11204",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services Exposes Sensitive Files"
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11204",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services Exposes Sensitive Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.11.1"
},
{
"affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.11.1"
},
{
"affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
]
"description_data": [
{
"lang": "eng",
"value": "The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed."
}
]
}
]
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
}
]
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"name": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204",
"refsource": "MISC",
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher\n"
}
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher\n"
}
],
"source": {
"discovery": "USER"
"discovery": "USER"
}
}
}

240
2019/11xxx/CVE-2019-11205.json
View File

@ -1,138 +1,142 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11205",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities"
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11205",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "7.14.1"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "7.14.1"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.\n"
}
]
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component."
}
]
}
]
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
}
]
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"name": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205",
"refsource": "MISC",
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.14.0, 7.14.1, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher\n"
}
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.14.0, 7.14.1, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher\n"
}
],
"source": {
"discovery": "INTERNAL"
"discovery": "INTERNAL"
}
}
}

222
2019/11xxx/CVE-2019-11206.json
View File

@ -1,130 +1,134 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11206",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks"
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11206",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.11.2"
},
{
"affected": "=",
"version_value": "7.12.0"
},
{
"affected": "=",
"version_value": "7.13.0"
},
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.11.2"
},
{
"affected": "=",
"version_value": "7.12.0"
},
{
"affected": "=",
"version_value": "7.13.0"
},
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
}
]
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment."
}
]
}
]
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
}
]
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"name": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206",
"refsource": "MISC",
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "USER"
"discovery": "USER"
}
}

18
2019/12xxx/CVE-2019-12094.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12095.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12096.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12096",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/12xxx/CVE-2019-12097.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12097",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2019/3xxx/CVE-2019-3568.json
View File

@ -175,4 +175,4 @@
}
]
}
}
}

5
2019/5xxx/CVE-2019-5008.json
View File

@ -66,6 +66,11 @@
"refsource": "BID",
"name": "108024",
"url": "http://www.securityfocus.com/bid/108024"
},
{
"refsource": "UBUNTU",
"name": "USN-3978-1",
"url": "https://usn.ubuntu.com/3978-1/"
}
]
}

511
2019/6xxx/CVE-2019-6568.json
View File

@ -8,622 +8,623 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "CP1604",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "CP1616",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIAMTIC RF185C",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC CP343-1 Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC CP443-1",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC CP443-1 Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC CP443-1 OPC UA",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V2.1.6"
"version_value": "All versions < V2.1.6"
}
]
}
},
{
{
"product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC2",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC IPC DiagMonitor",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC RF181-EIP",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC RF182C",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC RF186C",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC RF188C",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC RF600R",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-1500 CPU family",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V2.6.1"
"version_value": "All versions < V2.6.1"
}
]
}
},
{
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-300 CPU family",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V3.X.16"
"version_value": "All versions < V3.X.16"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400 PN (incl. F) V6 and below",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V2.0 SP1 UPD1"
"version_value": "All versions < V2.0 SP1 UPD1"
}
]
}
},
{
{
"product_name": "SIMATIC Teleservice Adapter IE Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC Teleservice Adapter IE Basic",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC Teleservice Adapter IE Standard",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinAC RTX 2010",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMOCODE pro V EIP",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMOCODE pro V PN",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G130 V4.6 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G130 V4.7 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G130 V4.7 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G130 V4.8 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V4.8 HF6"
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
{
"product_name": "SINAMICS G130 V5.1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G130 V5.1 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V5.1 SP1 HF4"
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
{
"product_name": "SINAMICS G150 V4.6 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G150 V4.7 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G150 V4.7 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G150 V4.8 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V4.8 HF6"
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
{
"product_name": "SINAMICS G150 V5.1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS G150 V5.1 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V5.1 SP1 HF4"
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
{
"product_name": "SINAMICS S120 V4.6 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S120 V4.7 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S120 V4.7 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S120 V4.8 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V4.8 HF6"
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
{
"product_name": "SINAMICS S120 V5.1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S120 V5.1 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V5.1 SP1 HF4"
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
{
"product_name": "SINAMICS S150 V4.6 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S150 V4.7 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S150 V4.7 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S150 V4.8 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V4.8 HF6"
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
{
"product_name": "SINAMICS S150 V5.1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S150 V5.1 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V5.1 SP1 HF4"
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
{
"product_name": "SINAMICS S210 V5.1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINAMICS S210 V5.1 SP1 (Control Unit)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SITOP Manager",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SITOP PSU8600",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SITOP UPS1600",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "TIM 1531 IRC",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -642,10 +643,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
}
]
},
@ -653,9 +655,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIAMTIC RF185C (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF186C (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIAMTIC RF185C (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF186C (All versions), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

78
2019/6xxx/CVE-2019-6572.json
View File

@ -8,82 +8,83 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -102,10 +103,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
}
]
},
@ -113,8 +115,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

140
2019/6xxx/CVE-2019-6574.json
View File

@ -1,70 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-6574",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product_name": "SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
"version" : {
"version_data" : [
{
"version_value" : "All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46"
}
]
}
},
{
"product_name": "SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
"version" : {
"version_data" : [
{
"version_value" : "All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46"
}
]
}
} ]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
}
]
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-6574",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart.\n\nThe vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
"version": {
"version_data": [
{
"version_value": "All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46"
}
]
}
},
{
"product_name": "SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
"version": {
"version_data": [
{
"version_value": "All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G21, G22, G23, G26, G28, G31, G32, G38, G43 or G46). An improperly configured Parameter Read/Write execution via Field bus network may cause the controller to restart. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}

159
2019/6xxx/CVE-2019-6575.json
View File

@ -8,182 +8,183 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC CP443-1 OPC UA",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC ET 200 Open Controller CPU 1515SP PC2",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC IPC DiagMonitor",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC NET PC Software",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions >= V7.1"
"version_value": "All versions >= V7.1"
}
]
}
},
{
{
"product_name": "SIMATIC RF188C",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC RF600R",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC S7-1500 CPU family",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions >= V2.5 < V2.6.1"
"version_value": "All versions >= V2.5 < V2.6.1"
}
]
}
},
{
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions >= V2.5"
"version_value": "All versions >= V2.5"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC OA",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V3.15-P018"
"version_value": "All versions < V3.15-P018"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINEC-NMS",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINEMA Server",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
},
{
{
"product_name": "SINUMERIK OPC UA Server",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V2.1"
"version_value": "All versions < V2.1"
}
]
}
},
{
{
"product_name": "TeleControl Server Basic",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -202,10 +203,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
]
},
@ -213,9 +215,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions >= V2.5), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SINEC-NMS (All versions), SINEMA Server (All versions), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions), SIMATIC RF600R (All versions), SIMATIC S7-1500 CPU family (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions >= V2.5), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SINEC-NMS (All versions), SINEMA Server (All versions), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

78
2019/6xxx/CVE-2019-6576.json
View File

@ -8,82 +8,83 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -102,10 +103,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
}
]
},
@ -113,8 +115,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic.\n\nThe security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user.\n\nAt the time of advisory publication no public exploitation of the security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known."
}
]
}
}
}

79
2019/6xxx/CVE-2019-6577.json
View File

@ -8,82 +8,83 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions < V15.1 Update 1"
"version_value": "All versions < V15.1 Update 1"
}
]
}
},
{
{
"product_name": "SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel)",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
} ]
}
]
}
}
]
@ -102,10 +103,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
}
]
},
@ -113,9 +115,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system.\n\nAt the stage of publishing this security advisory no public exploitation is known."
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known."
}
]
}
}
}

38
2019/6xxx/CVE-2019-6578.json
View File

@ -8,32 +8,33 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product": {
"product_data": [
{
"product_name": "SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All Versions with option G28"
"version_value": "All Versions with option G28"
}
]
}
},
{
{
"product_name": "SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...-",
"version" : {
"version_data" : [
"version": {
"version_data": [
{
"version_value" : "All Versions with option G28"
"version_value": "All Versions with option G28"
}
]
}
} ]
}
]
}
}
]
@ -52,10 +53,11 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
}
]
},
@ -63,8 +65,8 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products.\n\nThe vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28), SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- (All Versions with option G28). A denial of service vulnerability exists in the affected products. The vulnerability could be exploited by an attacker with network access to the device. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}