"-Synchronized-Data."

CVE Team 2025-05-30 00:00:39 +00:00
parent 130acfe6fa
commit 8a9a67cfff
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
5 changed files with 505 additions and 162 deletions


@ -1,36 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21265",
"STATE": "PUBLIC",
"TITLE": "Potential Host Header Poisoning on misconfigured servers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "october",
"version": {
"version_data": [
{
"version_value": "< 1.1.2"
}
]
}
}
]
},
"vendor_name": "octobercms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-21265",
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -39,55 +15,97 @@
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax"
"value": "CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax",
"cweId": "CWE-644"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "octobercms",
"product": {
"product_data": [
{
"product_name": "october",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp",
"refsource": "CONFIRM",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp"
"url": "https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp",
"refsource": "MISC",
"name": "https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp"
},
{
"name": "https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6",
"url": "https://github.com/octobercms/library/commit/f29865ae3db7a03be7c49294cd93980ec457f10d",
"refsource": "MISC",
"url": "https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6"
"name": "https://github.com/octobercms/library/commit/f29865ae3db7a03be7c49294cd93980ec457f10d"
},
{
"name": "https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0",
"url": "https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6",
"refsource": "MISC",
"url": "https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0"
"name": "https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6"
},
{
"url": "https://github.com/octobercms/october/commit/555ab61f2313f45d7d5d138656420ead536c5d30",
"refsource": "MISC",
"name": "https://github.com/octobercms/october/commit/555ab61f2313f45d7d5d138656420ead536c5d30"
},
{
"url": "https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0",
"refsource": "MISC",
"name": "https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0"
},
{
"url": "https://packagist.org/packages/october/backend",
"refsource": "MISC",
"name": "https://packagist.org/packages/october/backend"
}
]
},
"source": {
"advisory": "GHSA-xhfx-hgmf-v6vp",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}
}
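Review bot: In the `affects` block that lists `vendor_name` first (apparently the new side), `"version_affected": "="` is paired with `"version_value": "< 1.1.2"`, so the range operator sits inside the value while the operator field claims an exact match. A scanner that honours `version_affected` will test installed versions for equality against the literal string `< 1.1.2` and report nothing as affected. I would split the operator out: `"version_affected": "<"` with `"version_value": "1.1.2"`. The CVE-2021-29505 section has the same pairing with `< 1.4.17`. The record also no longer carries `TITLE`, and the GHSA advisory reference changes from `CONFIRM` to `MISC`, which looks like a side effect of the format conversion rather than an intended edit.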


@ -1,36 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29505",
"STATE": "PUBLIC",
"TITLE": "XStream is vulnerable to a Remote Command Execution attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_value": "< 1.4.17"
}
]
}
}
]
},
"vendor_name": "x-stream"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-29505",
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -39,29 +15,14 @@
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
},
@ -69,83 +30,136 @@
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "x-stream",
"product": {
"product_data": [
{
"product_name": "xstream",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.4.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc",
"refsource": "CONFIRM",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc"
},
{
"name": "https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc",
"refsource": "MISC",
"url": "https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f"
"name": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc"
},
{
"refsource": "MLIST",
"name": "[jmeter-dev] 20210607 [GitHub] [jmeter] sseide opened a new pull request #667: update x-stream to 1.4.17 (from 1.4.16)",
"url": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210705 [SECURITY] [DLA 2704-1] libxstream-java security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-fbad11014a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-d894ca87dc",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"url": "https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
"name": "https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210708-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210708-0007/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-5e376c0ed9",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
},
{
"refsource": "DEBIAN",
"name": "DSA-5004",
"url": "https://www.debian.org/security/2021/dsa-5004"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"url": "https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
"name": "https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227"
},
{
"url": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E",
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210708-0007",
"refsource": "MISC",
"name": "https://security.netapp.com/advisory/ntap-20210708-0007"
},
{
"url": "https://www.debian.org/security/2021/dsa-5004",
"refsource": "MISC",
"name": "https://www.debian.org/security/2021/dsa-5004"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://x-stream.github.io/CVE-2021-29505.html",
"refsource": "MISC",
"name": "https://x-stream.github.io/CVE-2021-29505.html"
}
]
},
"source": {
"advisory": "GHSA-7chv-rrw6-w6fc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
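Review bot: The reference entries written in url/refsource/name order (apparently the new side) all carry `"refsource": "MISC"`, so the GHSA and NetApp advisories lose `CONFIRM` and the Debian, Fedora and mailing-list entries lose `DEBIAN`, `FEDORA` and `MLIST`. Consumers that use `refsource` to pick out vendor-confirmed or distribution advisories during triage can no longer do so from this record. The Fedora and NetApp URLs also drop their trailing slash (for example `https://security.netapp.com/advisory/ntap-20210708-0007`), so URL-keyed deduplication will treat them as new references. I would keep the original form, `"url": "https://security.netapp.com/advisory/ntap-20210708-0007/"` with `"refsource": "CONFIRM"`.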


@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1907",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Instantel",
"product": {
"product_data": [
{
"product_name": "Micromate",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04"
},
{
"url": "https://www.instantel.com/service-and-support/contact-technical-support",
"refsource": "MISC",
"name": "https://www.instantel.com/service-and-support/contact-technical-support"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-148-04",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Instantel is actively working on a firmware update to address this \nvulnerability. In the meantime, Micromate users are advised to implement\n the following workaround measures:</p>\n<ul>\n<li>Establish and maintain a list of approved IP addresses that are \nallowed to access the modem. This measure will help prevent unauthorized\n access.</li>\n</ul>\n<p>For more information, please contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.instantel.com/service-and-support/contact-technical-support\">Instantel technical support.</a></p>"
}
],
"value": "Instantel is actively working on a firmware update to address this \nvulnerability. In the meantime, Micromate users are advised to implement\n the following workaround measures:\n\n\n\n * Establish and maintain a list of approved IP addresses that are \nallowed to access the modem. This measure will help prevent unauthorized\n access.\n\n\n\n\nFor more information, please contact Instantel technical support. https://www.instantel.com/service-and-support/contact-technical-support"
}
],
"credits": [
{
"lang": "en",
"value": "Souvik Kandar of MicroSec reported this vulnerability to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
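Review bot: The `work_around` entry ships the same text twice, once as plain `value` and once as `supportingMedia` of type `text/html` containing an anchor with `target=\"_blank\" rel=\"nofollow\"`. Any tool that renders the HTML variant is rendering markup supplied by the record's submitter, so it should be sanitised against an allowlist before display, or the plain `value` should be used instead. If the markup is kept, I would write the link as `rel=\"nofollow noopener noreferrer\"`. The CVE-2025-41438 and CVE-2025-46352 sections carry the same pattern in `work_around` and `solution`. Separately, `"version_value": "All versions"` under `"version_affected": "="` is a sentinel string rather than a version, so automated matching needs a special case for it.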


@ -1,17 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-41438",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CS5000 Fire Panel is vulnerable due to a default account that exists\n on the panel. Even though it is possible to change this by SSHing into \nthe device, it has remained unchanged on every installed system \nobserved. This account is not root but holds high-level permissions that\n could severely impact the device's operation if exploited."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1188",
"cweId": "CWE-1188"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Consilium Safety",
"product": {
"product_data": [
{
"product_name": "CS5000 Fire Panel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"
},
{
"url": "https://www.consiliumsafety.com/en/support/",
"refsource": "MISC",
"name": "https://www.consiliumsafety.com/en/support/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-148-03",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.</p>\n<p>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.</p>\n<p>Users of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.</p><p>More product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>.\n\n<br></p>"
}
],
"value": "Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\n\n\nUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\nUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ ."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.<br></div>\nMore product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>."
}
],
"value": "Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ ."
}
],
"credits": [
{
"lang": "en",
"value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
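Review bot: The `problemtype` description here is the bare identifier `"value": "CWE-1188"`, while the CVE-2025-1907 record in this same commit spells the name out (`CWE-306 Missing Authentication for Critical Function`). Readers and full-text searches over the record get no weakness name, even though the description is specifically about a default account that is left unchanged. I would use the identifier followed by its CWE title, as in `"value": "CWE-798 Use of Hard-coded Credentials"` for the CVE-2025-46352 section, which has the same gap.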


@ -1,17 +1,125 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46352",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CS5000 Fire Panel is vulnerable due to a hard-coded password that \nruns on a VNC server and is visible as a string in the binary \nresponsible for running VNC. This password cannot be altered, allowing \nanyone with knowledge of it to gain remote access to the panel. Such \naccess could enable an attacker to operate the panel remotely, \npotentially putting the fire panel into a non-functional state and \ncausing serious safety issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Consilium Safety",
"product": {
"product_data": [
{
"product_name": "CS5000 Fire Panel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03"
},
{
"url": "https://www.consiliumsafety.com/en/support/",
"refsource": "MISC",
"name": "https://www.consiliumsafety.com/en/support/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-148-03",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.</p>\n<p>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.</p>\n<p>Users of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.</p><p>More product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>.\n\n<br></p>"
}
],
"value": "Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.\n\n\nUsers wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\nUsers of the CS5000 Fire Panel are recommended to implement \ncompensating countermeasures, such as physical security and access \ncontrol restrictions for dedicated personnel.\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ ."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div>Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.<br></div>\nMore product safety information can be found on Consilium Safety's <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.consiliumsafety.com/en/support/\">support webpage</a>."
}
],
"value": "Users wanting enhanced security features are advised to upgrade to \nConsilium Safety's newer line of fire panels. Specifically, products \nmanufactured after July 1, 2024, incorporate more secure-by-design \nprinciples.\n\n\n\nMore product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ ."
}
],
"credits": [
{
"lang": "en",
"value": "Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}