diff --git a/2020/28xxx/CVE-2020-28214.json b/2020/28xxx/CVE-2020-28214.json index bae27a60cde..06567a7238e 100644 --- a/2020/28xxx/CVE-2020-28214.json +++ b/2020/28xxx/CVE-2020-28214.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28214", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M221 (all references, all versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M221 (all references, all versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-760: Use of a One-Way Hash with a Predictable Salt" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide." } ] } diff --git a/2020/28xxx/CVE-2020-28215.json b/2020/28xxx/CVE-2020-28215.json index 3fcce1f1f7a..e5d48f30791 100644 --- a/2020/28xxx/CVE-2020-28215.json +++ b/2020/28xxx/CVE-2020-28215.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28215", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Easergy T300 (firmware 2.7 and older)", + "version": { + "version_data": [ + { + "version_value": "Easergy T300 (firmware 2.7 and older)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently." } ] } diff --git a/2020/28xxx/CVE-2020-28216.json b/2020/28xxx/CVE-2020-28216.json index f6cb30f553f..1d45d4fc940 100644 --- a/2020/28xxx/CVE-2020-28216.json +++ b/2020/28xxx/CVE-2020-28216.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Easergy T300 (firmware 2.7 and older)", + "version": { + "version_data": [ + { + "version_value": "Easergy T300 (firmware 2.7 and older)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-311: Missing Encryption of Sensitive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol." } ] } diff --git a/2020/28xxx/CVE-2020-28217.json b/2020/28xxx/CVE-2020-28217.json index b772d9d27b3..c2c65d9ab96 100644 --- a/2020/28xxx/CVE-2020-28217.json +++ b/2020/28xxx/CVE-2020-28217.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28217", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Easergy T300 (firmware 2.7 and older)", + "version": { + "version_data": [ + { + "version_value": "Easergy T300 (firmware 2.7 and older)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-311: Missing Encryption of Sensitive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol." } ] } diff --git a/2020/28xxx/CVE-2020-28218.json b/2020/28xxx/CVE-2020-28218.json index 4db63afe655..7299138c32d 100644 --- a/2020/28xxx/CVE-2020-28218.json +++ b/2020/28xxx/CVE-2020-28218.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28218", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Easergy T300 (firmware 2.7 and older)", + "version": { + "version_data": [ + { + "version_value": "Easergy T300 (firmware 2.7 and older)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-06/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action." } ] } diff --git a/2020/28xxx/CVE-2020-28219.json b/2020/28xxx/CVE-2020-28219.json index eaf26c9f530..dc7e7aaf98a 100644 --- a/2020/28xxx/CVE-2020-28219.json +++ b/2020/28xxx/CVE-2020-28219.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1)", + "version": { + "version_data": [ + { + "version_value": "EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-02/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-02/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX." } ] } diff --git a/2020/28xxx/CVE-2020-28220.json b/2020/28xxx/CVE-2020-28220.json index 59a1e8692e7..dbad9202ec6 100644 --- a/2020/28xxx/CVE-2020-28220.json +++ b/2020/28xxx/CVE-2020-28220.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-09/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified." } ] } diff --git a/2020/29xxx/CVE-2020-29074.json b/2020/29xxx/CVE-2020-29074.json index 9345a66b0a0..948a773fc54 100644 --- a/2020/29xxx/CVE-2020-29074.json +++ b/2020/29xxx/CVE-2020-29074.json @@ -61,6 +61,11 @@ "refsource": "DEBIAN", "name": "DSA-4799", "url": "https://www.debian.org/security/2020/dsa-4799" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2490-1] x11vnc security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00018.html" } ] } diff --git a/2020/35xxx/CVE-2020-35121.json b/2020/35xxx/CVE-2020-35121.json new file mode 100644 index 00000000000..57026b49fa2 --- /dev/null +++ b/2020/35xxx/CVE-2020-35121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35122.json b/2020/35xxx/CVE-2020-35122.json new file mode 100644 index 00000000000..54fe58c61cf --- /dev/null +++ b/2020/35xxx/CVE-2020-35122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/35xxx/CVE-2020-35123.json b/2020/35xxx/CVE-2020-35123.json new file mode 100644 index 00000000000..cbcd1d78f11 --- /dev/null +++ b/2020/35xxx/CVE-2020-35123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-35123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7535.json b/2020/7xxx/CVE-2020-7535.json index 9cbd987671c..eee527a0e19 100644 --- a/2020/7xxx/CVE-2020-7535.json +++ b/2020/7xxx/CVE-2020-7535.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP." } ] } diff --git a/2020/7xxx/CVE-2020-7536.json b/2020/7xxx/CVE-2020-7536.json index 3af9bb97dab..3639341d487 100644 --- a/2020/7xxx/CVE-2020-7536.json +++ b/2020/7xxx/CVE-2020-7536.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP." } ] } diff --git a/2020/7xxx/CVE-2020-7537.json b/2020/7xxx/CVE-2020-7537.json index c28d5fd95dd..a66b36a2314 100644 --- a/2020/7xxx/CVE-2020-7537.json +++ b/2020/7xxx/CVE-2020-7537.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller." } ] } diff --git a/2020/7xxx/CVE-2020-7539.json b/2020/7xxx/CVE-2020-7539.json index 8986a2342b7..1b0393a0509 100644 --- a/2020/7xxx/CVE-2020-7539.json +++ b/2020/7xxx/CVE-2020-7539.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP." } ] } diff --git a/2020/7xxx/CVE-2020-7540.json b/2020/7xxx/CVE-2020-7540.json index b9d088718a9..12f2d547685 100644 --- a/2020/7xxx/CVE-2020-7540.json +++ b/2020/7xxx/CVE-2020-7540.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests." } ] } diff --git a/2020/7xxx/CVE-2020-7541.json b/2020/7xxx/CVE-2020-7541.json index 2d75e492c04..2ff5d7e11ef 100644 --- a/2020/7xxx/CVE-2020-7541.json +++ b/2020/7xxx/CVE-2020-7541.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-425: Direct Request ('Forced Browsing') vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP." } ] } diff --git a/2020/7xxx/CVE-2020-7542.json b/2020/7xxx/CVE-2020-7542.json index a113696bd2e..bab7f7f044f 100644 --- a/2020/7xxx/CVE-2020-7542.json +++ b/2020/7xxx/CVE-2020-7542.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller." } ] } diff --git a/2020/7xxx/CVE-2020-7543.json b/2020/7xxx/CVE-2020-7543.json index 4cf5ec9e064..be3ad279041 100644 --- a/2020/7xxx/CVE-2020-7543.json +++ b/2020/7xxx/CVE-2020-7543.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller." } ] } diff --git a/2020/7xxx/CVE-2020-7549.json b/2020/7xxx/CVE-2020-7549.json index 6e1391e1122..02d9442be02 100644 --- a/2020/7xxx/CVE-2020-7549.json +++ b/2020/7xxx/CVE-2020-7549.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)", + "version": { + "version_data": [ + { + "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP." } ] } diff --git a/2020/7xxx/CVE-2020-7560.json b/2020/7xxx/CVE-2020-7560.json index 5ebbaefb2ce..ea0c577521e 100644 --- a/2020/7xxx/CVE-2020-7560.json +++ b/2020/7xxx/CVE-2020-7560.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure\u2122 Control Expert (all versions) and Unity Pro (former name of EcoStruxure\u2122 Control Expert) (all versions)", + "version": { + "version_data": [ + { + "version_value": "EcoStruxure\u2122 Control Expert (all versions) and Unity Pro (former name of EcoStruxure\u2122 Control Expert) (all versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-123: Write-what-where Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-01/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-01/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure\u2122 Control Expert (all versions) and Unity Pro (former name of EcoStruxure\u2122 Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure\u2122 Control Expert software." } ] }