admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#1325

Browse Source 
Auto-merge PR#1325
This commit is contained in:
CVE Team 2021-04-22 16:45:17 -04:00 committed by GitHub
commit 93034be4b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
52 changed files with 2408 additions and 405 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
2015/8xxx/CVE-2015-8214.json
View File

@ -1,55 +1,165 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2015-8214",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "SIMATIC NET CP 342-5 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.44"
}
]
}
},
{
"product_name": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.1.1"
}
]
}
},
{
"product_name": "SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.1.1"
}
]
}
},
{
"product_name": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.9"
}
]
}
},
{
"product_name": "SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.9"
}
]
}
},
{
"product_name": "SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET CP 443-5 Extended",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V2.6.0"
}
]
}
},
{
"product_name": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.1.0"
}
]
}
},
{
"product_name": "TIM 4R-IE (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V2.6.0"
}
]
}
},
{
"product_name": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean devices, CP 343-1 devices, TIM 3V-IE devices, TIM 3V-IE Advanced devices, TIM 3V-IE DNP3 devices, TIM 4R-IE devices, TIM 4R-IE DNP3 devices, CP 443-1 devices, and CP 443-1 Advanced devices might allow remote attackers to obtain administrative access via a session on TCP port 102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication\nprocessors (CP) could possibly allow unauthenticated users to perform administrative\noperations on the CPs if network access (port 102/TCP) is available and the CPs'\nconfiguration was stored on their corresponding CPUs.\n"
}
]
},
"references": {
"reference_data": [
{

42
2019/13xxx/CVE-2019-13924.json
View File

@ -14,6 +14,46 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE S602",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1"
}
]
}
},
{
"product_name": "SCALANCE S612",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1"
}
]
}
},
{
"product_name": "SCALANCE S623",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1"
}
]
}
},
{
"product_name": "SCALANCE S627-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1"
}
]
}
},
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
@ -66,7 +106,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface."
"value": "A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web\ninterface, which makes it vulnerable to Clickjacking attacks. \n\nThe security vulnerability could be exploited by an attacker that is able\nto trick an administrative user with a valid session on the target device into\nclicking on a website controlled by the attacker. The vulnerability could\nallow an attacker to perform administrative actions via the web interface.\n"
}
]
},

12
2019/13xxx/CVE-2019-13925.json
View File

@ -11,7 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -49,7 +49,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -76,7 +76,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server."
"value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could\ncause a Denial-of-Service condition of the web server.\n"
}
]
},

12
2019/13xxx/CVE-2019-13926.json
View File

@ -11,7 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -49,7 +49,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -76,7 +76,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device."
"value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could\ncause a Denial-of-Service condition of the web server. A cold reboot is\nrequired to restore the functionality of the device.\n"
}
]
},

18
2019/13xxx/CVE-2019-13947.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The user configuration menu in the web interface of the SiNVR 3 Central Control Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other SiNVR 3 CCS users."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the\nControl Center Server (CCS) transfers user passwords in clear to the\nclient (browser).\n\nAn attacker with administrative privileges for the web interface could be\nable to read (and not only reset) passwords of other CCS users.\n"
}
]
},

18
2019/18xxx/CVE-2019-18337.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nA remote attacker with network access to the CCS server could\nexploit this vulnerability to read the CCS users database, including\nthe passwords of all users in obfuscated cleartext.\n"
}
]
},

18
2019/18xxx/CVE-2019-18338.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\n\nAn authenticated remote attacker with network access to the CCS server\ncould exploit this vulnerability to list arbitrary directories\nor read files outside of the CCS application context.\n"
}
]
},

18
2019/18xxx/CVE-2019-18339.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V5.0.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The HTTP service (default port 5401/tcp) of the SiNVR 3 Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiNVR users database, including the passwords of all users in obfuscated cleartext."
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server\ncontains an authentication bypass vulnerability, even when properly\nconfigured with enforced authentication.\n\nA remote attacker with network access to the Video Server could \nexploit this vulnerability to read the SiVMS/SiNVR users database, including\nthe passwords of all users in obfuscated cleartext.\n"
}
]
},

24
2019/18xxx/CVE-2019-18340.json
View File

@ -11,25 +11,35 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions >= V1.5.0"
}
]
}
},
{
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "All versions < V5.0.0"
}
]
}
@ -46,7 +56,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-261: Weak Cryptography for Passwords"
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
@ -56,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). Both the SiNVR 3 Video Server and the Central Control Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store\nuser and device passwords by applying weak cryptography.\n\nA local attacker could exploit this vulnerability to extract\nthe passwords from the user database and/or the device configuration files\nto conduct further attacks.\n"
}
]
},

18
2019/18xxx/CVE-2019-18341.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) contains an authentication bypass vulnerability. A remote attacker with network access to the CCS server could exploit this vulnerability to read data from the EDIR directory (for example, the list of all configured stations)."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) contains an authentication bypass vulnerability.\n\nA remote attacker with network access to the CCS server could\nexploit this vulnerability to read data from the EDIR directory\n(for example, the list of all configured stations).\n"
}
]
},

18
2019/18xxx/CVE-2019-18342.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SFTP service (default port 22/tcp) of the SiNVR 3 Central Control Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) does not properly limit its capabilities to the specified purpose.\n\nIn conjunction with CVE-2019-18341, an unauthenticated remote attacker with\nnetwork access to the CCS server could exploit this vulnerability\nto read or delete arbitrary files, or access other resources on the same\nserver.\n"
}
]
},

18
2019/19xxx/CVE-2019-19290.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The DOWNLOADS section in the web interface of the SiNVR 3 Central Control Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center\nServer (CCS) contains a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download\narbitrary files from the server where CCS is installed.\n"
}
]
},

12
2019/19xxx/CVE-2019-19291.json
View File

@ -11,25 +11,25 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V5.0.0"
}
]
}
@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a log file that stores login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n"
}
]
},

18
2019/19xxx/CVE-2019-19292.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nread or modify the CCS database and potentially execute administrative\ndatabase operations or operating system commands.\n"
}
]
},

18
2019/19xxx/CVE-2019-19293.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface.\n"
}
]
},

18
2019/19xxx/CVE-2019-19294.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content.\n"
}
]
},

18
2019/19xxx/CVE-2019-19295.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "Control Center Server (CCS)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V1.5.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log."
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of\nsecurity-relevant activities in its XML-based communication protocol\nas provided by default on ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nperform covert actions that are not visible in the application log.\n"
}
]
},

18
2019/19xxx/CVE-2019-19296.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V5.0.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled."
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download \narbitrary files from the server, if the FTP services are enabled.\n"
}
]
},

18
2019/19xxx/CVE-2019-19297.json
View File

@ -11,25 +11,15 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V5.0.0"
}
]
}
@ -56,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server."
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server.\n"
}
]
},

12
2019/19xxx/CVE-2019-19298.json
View File

@ -11,25 +11,25 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V5.0.0"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions >= V5.0.0"
}
]
}
@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requeats."
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests.\n"
}
]
},

14
2019/19xxx/CVE-2019-19299.json
View File

@ -11,25 +11,25 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SiNVR 3 Central Control Server (CCS)",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions < V5.0.0"
}
]
}
},
{
"product_name": "SiNVR 3 Video Server",
"product_name": "SiNVR/SiVMS Video Server",
"version": {
"version_data": [
{
"version_value": "all versions"
"version_value": "All versions >= V5.0.0"
}
]
}
@ -46,7 +46,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-261: Weak Cryptography for Passwords"
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks."
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks.\n"
}
]
},

12
2019/6xxx/CVE-2019-6585.json
View File

@ -11,7 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -49,7 +49,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions >= V3.0 and < V4.1"
}
]
}
@ -76,7 +76,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it."
"value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow\nCross-Site Scripting (XSS) attacks if unsuspecting users are tricked into\naccessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user must\nbe logged into the web interface in order for the exploitation to succeed.\n"
}
]
},

85
2020/15xxx/CVE-2020-15795.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-15795",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-15795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions < V5.2"
}
]
}
},
{
"product_name": "Nucleus RTOS",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
}
]
}

55
2020/25xxx/CVE-2020-25243.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-25243",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "LOGO! Soft Comfort",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). A zip slip vulnerability could be triggered while importing a compromised project file\nto the affected software. Chained with other vulnerabilities this vulnerability could\nultimately lead to a system takeover by an attacker.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"
}
]
}

55
2020/25xxx/CVE-2020-25244.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-25244",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "LOGO! Soft Comfort",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). The software insecurely loads libraries which makes it vulnerable to DLL hijacking.\nSuccessful exploitation by a local attacker could lead to a takeover of the system\nwhere the software is installed.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"
}
]
}

75
2020/26xxx/CVE-2020-26997.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-26997",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "All versions < SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822: Untrusted Pointer Dereference"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
}
]
}

85
2020/27xxx/CVE-2020-27009.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-27009",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions < V5.2"
}
]
}
},
{
"product_name": "Nucleus RTOS",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-823: Use of Out-of-range Pointer Offset"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
}
]
}

119
2020/27xxx/CVE-2020-27736.json
View File

@ -1,17 +1,124 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-27736",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27736",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus 4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.0"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus RTOS",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "Nucleus ReadyStart",
"version": {
"version_data": [
{
"version_value": "All versions < V2017.02.3"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions < V0.5.0.0"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170: Improper Null Termination"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
}
]
}

119
2020/27xxx/CVE-2020-27737.json
View File

@ -1,17 +1,124 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-27737",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27737",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus 4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.0"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus RTOS",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "Nucleus ReadyStart",
"version": {
"version_data": [
{
"version_value": "All versions < V2017.02.3"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions < V0.5.0.0"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
}
]
}

119
2020/27xxx/CVE-2020-27738.json
View File

@ -1,17 +1,124 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-27738",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27738",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus 4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.0"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus RTOS",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "Nucleus ReadyStart",
"version": {
"version_data": [
{
"version_value": "All versions < V2017.02.3"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions < V0.5.0.0"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-788: Access of Memory Location After End of Buffer"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
}
]
}

16
2020/28xxx/CVE-2020-28385.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All Versions < SE2020MP13"
"version_value": "All versions < SE2020MP13"
}
]
}
@ -29,17 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP3"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "SE2021MP3"
"version_value": "All Versions < SE2021MP4"
}
]
}
@ -66,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)"
"value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)"
}
]
},

2
2020/28xxx/CVE-2020-28387.json
View File

@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)"
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)\n"
}
]
},

4
2020/7xxx/CVE-2020-7581.json
View File

@ -49,7 +49,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.3"
}
]
}
@ -176,7 +176,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted."
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted.\n"
}
]
},

4
2020/7xxx/CVE-2020-7585.json
View File

@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V9.2"
}
]
}
@ -86,7 +86,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges.\n\nThe security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.\n"
}
]
},

4
2020/7xxx/CVE-2020-7586.json
View File

@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V9.2"
}
]
}
@ -86,7 +86,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation.\n\nThe security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.\n"
}
]
},

4
2020/7xxx/CVE-2020-7587.json
View File

@ -49,7 +49,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.3"
}
]
}
@ -196,7 +196,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could\ncause a partial remote Denial-of-Service, that would cause the service\nto restart itself.\n\nOn some cases the vulnerability could leak random information from the\nremote service.\n"
}
]
},

4
2020/7xxx/CVE-2020-7588.json
View File

@ -49,7 +49,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.3"
}
]
}
@ -196,7 +196,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself."
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a\npartial remote Denial-of-Service, that would cause the service to restart\nitself.\n"
}
]
},

95
2021/25xxx/CVE-2021-25663.json
View File

@ -1,17 +1,100 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25663",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus 4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.0"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus ReadyStart",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected IPv6 stack"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected IPv6 stack"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
}
]
}

95
2021/25xxx/CVE-2021-25664.json
View File

@ -1,17 +1,100 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25664",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus 4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.0"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus ReadyStart",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected IPv6 stack"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected IPv6 stack"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
}
]
}

46
2021/25xxx/CVE-2021-25667.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V4.3"
"version_value": "All versions >= V4.3 and < V6.4"
}
]
}
@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V4.3"
"version_value": "All versions >= V4.3 and < V6.4"
}
]
}
@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V4.3"
"version_value": "All versions >= V4.3 and < V6.4"
}
]
}
@ -55,7 +55,27 @@
}
},
{
"product_name": "SCALANCE X300WG",
"product_name": "SCALANCE XB-200",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1"
}
]
}
},
{
"product_name": "SCALANCE XC-200",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1"
}
]
}
},
{
"product_name": "SCALANCE XF-200BA",
"version": {
"version_data": [
{
@ -75,17 +95,17 @@
}
},
{
"product_name": "SCALANCE XR500",
"product_name": "SCALANCE XP-200",
"version": {
"version_data": [
{
"version_value": "All versions < V6.2"
"version_value": "All versions < V4.1"
}
]
}
},
{
"product_name": "SCALANCE Xx200 Family",
"product_name": "SCALANCE XR-300WG",
"version": {
"version_data": [
{
@ -93,6 +113,16 @@
}
]
}
},
{
"product_name": "SCALANCE XR500",
"version": {
"version_data": [
{
"version_value": "All versions < V6.2"
}
]
}
}
]
}
@ -116,7 +146,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3), SCALANCE M-800 (All versions >= V4.3), SCALANCE S615 (All versions >= V4.3), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE X300WG (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XR500 (All versions < V6.2), SCALANCE Xx200 Family (All versions < V4.1). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could \nallow a remote attacker to trigger a denial-of-service condition or potentially remote code execution.\n\nSuccessful exploitation requires the passive listening feature of the device to be active.\n"
}
]
},

335
2021/25xxx/CVE-2021-25668.json
View File

@ -1,17 +1,340 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25668",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X200-4P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2FM",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X206-1LD",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X208PRO",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X212-2LD",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X216",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X224",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF202-2P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF208",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
]
}

335
2021/25xxx/CVE-2021-25669.json
View File

@ -1,17 +1,340 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25669",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X200-4P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2FM",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X206-1LD",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X208PRO",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X212-2LD",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X216",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X224",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF202-2P IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA IRT",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.1"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF208",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
}
]
}

55
2021/25xxx/CVE-2021-25670.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25670",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Tecnomatix RobotExpert",
"version": {
"version_data": [
{
"version_value": "All versions < V16.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12608)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf"
}
]
}

2
2021/25xxx/CVE-2021-25676.json
View File

@ -76,7 +76,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.\n"
}
]
},

129
2021/25xxx/CVE-2021-25677.json
View File

@ -1,17 +1,134 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25677",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus 4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.0"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus RTOS",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "Nucleus ReadyStart",
"version": {
"version_data": [
{
"version_value": "All versions < V2017.02.3"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions < V0.5.0.0"
}
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions >= V0.5.0.0"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
}
]
}

75
2021/25xxx/CVE-2021-25678.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25678",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "All versions < SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
}
]
}

16
2021/27xxx/CVE-2021-27380.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All Versions < SE2020MP13"
"version_value": "All versions < SE2020MP13"
}
]
}
@ -29,17 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP3"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "SE2021MP3"
"version_value": "All Versions < SE2021MP4"
}
]
}
@ -66,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3), Solid Edge SE2021 (SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)"
"value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)\n"
}
]
},

2
2021/27xxx/CVE-2021-27381.json
View File

@ -56,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534)"
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534)\n"
}
]
},

75
2021/27xxx/CVE-2021-27382.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27382",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27382",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "All versions < SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
}
]
}

65
2021/27xxx/CVE-2021-27389.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27389",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Opcenter Quality",
"version": {
"version_data": [
{
"version_value": "All versions < V12.2"
}
]
}
},
{
"product_name": "QMS Automotive",
"version": {
"version_data": [
{
"version_value": "All versions < V12.30"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
}
]
}

125
2021/27xxx/CVE-2021-27392.json
View File

@ -1,17 +1,130 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27392",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2020 R3"
}
]
}
},
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2020 R2"
}
]
}
},
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2020 R1"
}
]
}
},
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2019 R3"
}
]
}
},
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2019 R2"
}
]
}
},
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2019 R1"
}
]
}
},
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2018 R3"
}
]
}
},
{
"product_name": "Siveillance Video Open Network Bridge",
"version": {
"version_data": [
{
"version_value": "2018 R2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK.\n\nThis could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"
}
]
}

95
2021/27xxx/CVE-2021-27393.json
View File

@ -1,17 +1,100 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27393",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus RTOS",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "Nucleus ReadyStart",
"version": {
"version_data": [
{
"version_value": "All versions < V2013.08"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
},
{
"product_name": "VSTAR",
"version": {
"version_data": [
{
"version_value": "versions including affected DNS modules"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
]
}