From 9b7a6e3d695891147a5d0671c95f2a039c3ec1a1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 10 May 2023 20:00:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/45xxx/CVE-2021-45345.json | 66 ++++++++++- 2022/36xxx/CVE-2022-36329.json | 111 +++++++++++++++++- 2023/2xxx/CVE-2023-2310.json | 200 ++++++++++++++++++++++++++++++++- 2023/2xxx/CVE-2023-2636.json | 18 +++ 2023/30xxx/CVE-2023-30194.json | 75 ++++++++++++- 2023/31xxx/CVE-2023-31148.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31149.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31150.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31151.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31152.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31153.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31154.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31155.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31156.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31157.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31158.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31159.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31160.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31161.json | 138 ++++++++++++++++++++++- 2023/31xxx/CVE-2023-31162.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31163.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31164.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31165.json | 198 +++++++++++++++++++++++++++++++- 2023/31xxx/CVE-2023-31166.json | 198 +++++++++++++++++++++++++++++++- 24 files changed, 4076 insertions(+), 96 deletions(-) create mode 100644 2023/2xxx/CVE-2023-2636.json diff --git a/2021/45xxx/CVE-2021-45345.json b/2021/45xxx/CVE-2021-45345.json index 1b2c7874d3c..ec9f1b435d9 100644 
--- a/2021/45xxx/CVE-2021-45345.json +++ b/2021/45xxx/CVE-2021-45345.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-45345", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-45345", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/0xHop/0d065694d56ac3943d8e8c239d80c63f", + "refsource": "MISC", + "name": "https://gist.github.com/0xHop/0d065694d56ac3943d8e8c239d80c63f" + }, + { + "url": "https://sourceforge.net/projects/webcamserv/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/webcamserv/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/0xHop/337e65ec684b8866e86f4b25b8f1dbc7", + "url": "https://gist.github.com/0xHop/337e65ec684b8866e86f4b25b8f1dbc7" } ] } diff --git a/2022/36xxx/CVE-2022-36329.json b/2022/36xxx/CVE-2022-36329.json index c7716d7bf42..591e497ff79 100644 --- a/2022/36xxx/CVE-2022-36329.json +++ b/2022/36xxx/CVE-2022-36329.json 
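Review bot: The structured fields in this record carry no product or weakness data: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names En3rgy WebcamServer v.0.5.2 and a buffer overflow. Tooling that matches on the `affects` tree or on the CWE field will not associate this entry with the product, so consumers must fall back to parsing the free-text description. If the assigner agrees, `"vendor_name": "En3rgy"`, `"product_name": "WebcamServer"` and `"version_value": "0.5.2"` would mirror what the description already states. The CVE-2023-30194 hunk has the same gap for the posstaticfooter module.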
@@ -1,17 +1,120 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-36329", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@wdc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: through 9.4.0-191; ibi: through 9.4.0-191.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Western Digital", + "product": { + "product_data": [ + { + "product_name": "My Cloud Home and My Cloud Home Duo", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "9.4.0-191" + } + ] + } + } + ] + } + }, + { + "vendor_name": "SanDisk", + "product": { + "product_data": [ + { + "product_name": "ibi", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "9.4.0-191" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191", + "refsource": "MISC", + "name": 
"https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

All devices will be automatically updated to reflect the latest firmware version.

" + } + ], + "value": "All devices will be automatically updated to reflect the latest firmware version.\n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2310.json b/2023/2xxx/CVE-2023-2310.json index 0924cffa9a8..263e7d3bfe2 100644 --- a/2023/2xxx/CVE-2023-2310.json +++ b/2023/2xxx/CVE-2023-2310.json 
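Review bot: The weakness classification and the description disagree: the description calls this an improper privilege management issue, while `problemtype` records `CWE-400 Uncontrolled Resource Consumption`, which names the denial-of-service outcome rather than the stated cause. If the description is right, `"cweId": "CWE-269"` (Improper Privilege Management) would be the matching entry; otherwise the description should be reworded. The description also runs two sentences together (`devices.This issue`), and both it and the `solution` value end in runs of `\n`. `attackVector` is `LOCAL` while the text says the issue is reached over the OTA mechanism, which may be worth confirming with the assigner.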
@@ -1,17 +1,209 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2310", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300 Channel Accessible by Non-Endpoint", + "cweId": "CWE-300" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R100-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Schweitzer Engineering Laboratories, Inc.", + "product": { + "product_data": [ + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + 
"version_affected": "<", + "version_name": "R108-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R113-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Adeen Ayub, Syed Ali Qasim, Irfan Ahmed, Virginia Commonwealth University" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2636.json b/2023/2xxx/CVE-2023-2636.json new file mode 100644 index 00000000000..8c223482821 --- /dev/null +++ b/2023/2xxx/CVE-2023-2636.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/30xxx/CVE-2023-30194.json b/2023/30xxx/CVE-2023-30194.json index 2da8892d39e..92fb16771ba 100644 --- a/2023/30xxx/CVE-2023-30194.json +++ b/2023/30xxx/CVE-2023-30194.json 
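Review bot: The same vendor appears under two names in `vendor_data`: `Schweitzer Engineering Laboratories` for SEL-3505 and SEL-3530, and `Schweitzer Engineering Laboratories, Inc.` for the other eight products. Consumers that key on `vendor_name` will see two vendors and may miss part of the affected product list when filtering on one spelling. Using a single form, `"vendor_name": "Schweitzer Engineering Laboratories"` as in the CVE-2023-31148 to CVE-2023-31152 hunks, keeps all ten products under one entry. The description mentions only denial of service while the vector sets `I:H`, so the integrity impact is not explained in the text.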
@@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-30194", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-30194", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook()." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://themeforest.net/user/posthemes/portfolio", + "refsource": "MISC", + "name": "https://themeforest.net/user/posthemes/portfolio" + }, + { + "refsource": "MISC", + "name": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/09/posstaticfooter.html", + "url": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/09/posstaticfooter.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file 
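Review bot: `impact.cvss` in this record is a single object with no `baseScore` or `baseSeverity`, whereas the other scored records in this patch use an array of objects that carry both. A consumer written against the array form will either fail on this record or treat it as unscored, which matters for triage because the vector describes an unauthenticated network SQL injection. The vector string also lists its metrics in a non-standard order (`CVSS:3.1/AC:L/AV:N/A:H/...` rather than `AV/AC/PR/UI/S/C/I/A`), which stricter parsers may not accept. The vector as given evaluates to 9.8 under CVSS 3.1, so `"baseScore": 9.8, "baseSeverity": "CRITICAL"` would make the severity explicit.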
diff --git a/2023/31xxx/CVE-2023-31148.json b/2023/31xxx/CVE-2023-31148.json index 5442524bf4a..9148ff423b1 100644 --- a/2023/31xxx/CVE-2023-31148.json +++ b/2023/31xxx/CVE-2023-31148.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31148", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", 
+ "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } 
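Review bot: This record cannot be told apart from the one in the CVE-2023-31149 hunk: both carry the same description text (whitespace aside), `CWE-20`, the same affected-version table, the same credit and the same `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H` vector. A defender has no way to tell from the data which input or page of the web interface each ID covers, or whether one fix addresses both; a distinguishing phrase in each description would resolve that. Both `reference_data` URLs are landing pages (`.../external-reports/` and `.../blog/`) rather than the advisory itself, and the SEL Service Bulletin dated 2022-11-15 cited in the text is not linked. The reference problem applies to the CVE-2023-31149 to CVE-2023-31152 hunks as well.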
diff --git a/2023/31xxx/CVE-2023-31149.json b/2023/31xxx/CVE-2023-31149.json index 075e0981dc4..4d437c9a7c4 100644 --- a/2023/31xxx/CVE-2023-31149.json +++ b/2023/31xxx/CVE-2023-31149.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31149", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + 
"version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } 
diff --git a/2023/31xxx/CVE-2023-31150.json b/2023/31xxx/CVE-2023-31150.json index 085905b377b..38f186ce8c5 100644 --- a/2023/31xxx/CVE-2023-31150.json +++ b/2023/31xxx/CVE-2023-31150.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-257 Storing Passwords in a Recoverable Format", + "cweId": "CWE-257" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + 
"version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R122-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } 
diff --git a/2023/31xxx/CVE-2023-31151.json b/2023/31xxx/CVE-2023-31151.json index ccc73d02767..054b340c13a 100644 --- a/2023/31xxx/CVE-2023-31151.json +++ b/2023/31xxx/CVE-2023-31151.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31151", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation", + "cweId": "CWE-295" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + 
"version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" 
} ] } diff --git a/2023/31xxx/CVE-2023-31152.json b/2023/31xxx/CVE-2023-31152.json index 457272928e0..f80625829a5 100644 --- a/2023/31xxx/CVE-2023-31152.json +++ b/2023/31xxx/CVE-2023-31152.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", + "cweId": "CWE-288" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + 
"version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R147-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } 
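Review bot: In CVE-2023-31152.json the `impact.cvss` entry scores an authentication bypass (CWE-288) with `"privilegesRequired": "HIGH"` and `"userInteraction": "REQUIRED"`, and nothing in the description explains why bypassing authentication needs a highly privileged, interacting user. That may be accurate for this alternate path, but as published a triager cannot tell whether the base score of 4 understates the exposure of the RTAC web interface. The description should state the precondition, or the vector should be rechecked against the SEL bulletin. Both `reference_data` URLs are generic landing pages rather than the 2022-11-15 bulletin the text cites, so the record offers no direct way to verify it. The description value also ends in stray newlines and could be trimmed to `"value": "… allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details."`.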
diff --git a/2023/31xxx/CVE-2023-31153.json b/2023/31xxx/CVE-2023-31153.json index 2ba65c76225..3b73b1044dc 100644 --- a/2023/31xxx/CVE-2023-31153.json +++ b/2023/31xxx/CVE-2023-31153.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the\u00a0Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R109-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R109-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R113-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31154.json b/2023/31xxx/CVE-2023-31154.json index 9ae0ba2cbc6..d0254542650 100644 --- a/2023/31xxx/CVE-2023-31154.json +++ b/2023/31xxx/CVE-2023-31154.json 
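Review bot: The new `description_data[0].value` in CVE-2023-31153.json carries text artefacts: a `\u00a0` non-breaking space after "in the", no space in `script code.See SEL Service Bulletin`, and four trailing `\n`. These defeat exact-match and keyword searches that downstream feeds and scanners run on description text. The value should read `"… in the Schweitzer Engineering Laboratories … arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details."`. Separately, the vector uses `S:U` for a cross-site scripting issue, whereas CVSS v3.1 guidance usually scores XSS as scope changed because the impact lands in the victim's browser. This may be a deliberate CNA choice, but it is worth confirming because it lowers the score.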
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31154", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31155.json b/2023/31xxx/CVE-2023-31155.json index 745b55e2a8d..e4332cc30eb 100644 --- a/2023/31xxx/CVE-2023-31155.json +++ b/2023/31xxx/CVE-2023-31155.json 
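Review bot: CVE-2023-31154.json receives the same `description`, `problemtype`, `affects` and `impact.cvss` content as the CVE-2023-31155 through CVE-2023-31159 hunks that follow, so the six records differ only in `CVE_data_meta.ID`. Asset owners tracking remediation, and tools that de-duplicate findings on description text, cannot tell which web-interface issue each ID covers and may collapse them into one. Each description should name the affected page or feature of the RTAC web interface, taken from the SEL bulletin. The shared value also starts with `\n` and contains runs of blank lines, which should be trimmed to `"value": "An Improper Neutralization of Input … arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details."`.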
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31156.json b/2023/31xxx/CVE-2023-31156.json index b7a50e5cd16..ec8477d02ef 100644 --- a/2023/31xxx/CVE-2023-31156.json +++ b/2023/31xxx/CVE-2023-31156.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31157.json b/2023/31xxx/CVE-2023-31157.json index 1d89a4c7c5c..6fbeb1bd42e 100644 --- a/2023/31xxx/CVE-2023-31157.json +++ b/2023/31xxx/CVE-2023-31157.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31158.json b/2023/31xxx/CVE-2023-31158.json index e513040bad6..082a2786f39 100644 --- a/2023/31xxx/CVE-2023-31158.json +++ b/2023/31xxx/CVE-2023-31158.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31159.json b/2023/31xxx/CVE-2023-31159.json index 130ffd06d8b..44c10d33241 100644 --- a/2023/31xxx/CVE-2023-31159.json +++ b/2023/31xxx/CVE-2023-31159.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31159", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31160.json b/2023/31xxx/CVE-2023-31160.json index a8a38c01826..7ab706c79fd 100644 --- a/2023/31xxx/CVE-2023-31160.json +++ b/2023/31xxx/CVE-2023-31160.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31161.json b/2023/31xxx/CVE-2023-31161.json index ccd9336b62b..d08f4fb2acc 100644 --- a/2023/31xxx/CVE-2023-31161.json +++ b/2023/31xxx/CVE-2023-31161.json 
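Review bot: Both entries under `references.reference_data` in the CVE-2023-31160 hunk point at index pages (`https://selinc.com/support/security-notifications/external-reports/` and `https://www.nozominetworks.com/blog/`) rather than at the advisory itself. The description defers to an "SEL Service Bulletin dated 2022-11-15" that is not linked anywhere in the record. A defender triaging this entry therefore has no stable pointer to the fix guidance, and a blog index is likely to show different content over time. I would add a reference to the bulletin or the specific write-up, e.g. `"url": "<URL-of-SEL-service-bulletin-2022-11-15>"` (placeholder; the address is not given on this page). The same two references are reused in the hunks for CVE-2023-31161 through CVE-2023-31166.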
@@ -1,17 +1,147 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An\u00a0Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R143-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R143-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + 
"version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31162.json b/2023/31xxx/CVE-2023-31162.json index 811be7860b9..d27f630201d 100644 --- a/2023/31xxx/CVE-2023-31162.json +++ b/2023/31xxx/CVE-2023-31162.json 
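Review bot: The added description `value` for CVE-2023-31161 begins `An\u00a0Improper Input Validation`, with a non-breaking space between the first two words, which looks like an editor artifact rather than intended text. Tools that search, match or deduplicate descriptions on plain-space strings will treat this record differently from CVE-2023-31162, whose description opens with the same words and an ordinary space. I would normalise it to `"value": "An Improper Input Validation vulnerability in ...` and, in the same pass, strip the leading `\n` and the trailing `\n` runs from the descriptions in the CVE-2023-31160 and CVE-2023-31163 to CVE-2023-31165 hunks.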
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31162", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + 
"version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R149-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L", + "version": "3.1" } ] } 
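Review bot: Every `version_data` entry in the CVE-2023-31162 hunk pairs `"version_affected": "<"` and `"version_value": "R150-V2"` with `"version_name": "R149-V0"`, and nothing in the record says what `version_name` means here. It presumably marks the first affected firmware release, but a consumer that evaluates only `version_affected` and `version_value` will flag every release below R150-V2, which over-reports exposure if only R149-V0 builds are affected. I would also state the range in the description text, for example `Affected: firmware R149-V0 up to, but not including, R150-V2.`, once the intended meaning is confirmed with the CNA. The other SEL hunks in this patch use the same encoding with different `version_name` values.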
diff --git a/2023/31xxx/CVE-2023-31163.json b/2023/31xxx/CVE-2023-31163.json index 1286a5c466e..b8fde068873 100644 --- a/2023/31xxx/CVE-2023-31163.json +++ b/2023/31xxx/CVE-2023-31163.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31163", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R100-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R108-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R113-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31164.json b/2023/31xxx/CVE-2023-31164.json index 6b28a666828..8edae1a53a1 100644 --- a/2023/31xxx/CVE-2023-31164.json +++ b/2023/31xxx/CVE-2023-31164.json 
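Review bot: The record added for CVE-2023-31163 cannot be told apart from the ones added for CVE-2023-31164 and CVE-2023-31165. The description text, the `version_data` entries for all ten products and the CVSS vector `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L` are the same in the three hunks, and CVE-2023-31160 reuses the same sentence with different `version_name` values. Without a distinguishing detail, vulnerability-management tooling and analysts are likely to merge or mis-track these IDs when checking whether each one is remediated. Each description should name what differs, along the lines of `... in the <affected page or feature> of the SEL RTAC Web Interface ...` (placeholder; that detail is not on this page).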
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31164", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R100-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R108-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R113-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31165.json b/2023/31xxx/CVE-2023-31165.json index fd29f4aa7c6..0e83d6ecce6 100644 --- a/2023/31xxx/CVE-2023-31165.json +++ b/2023/31xxx/CVE-2023-31165.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31165", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R119-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R100-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R108-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R113-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/31xxx/CVE-2023-31166.json b/2023/31xxx/CVE-2023-31166.json index b158a4116d7..6389f1cc00f 100644 --- a/2023/31xxx/CVE-2023-31166.json +++ b/2023/31xxx/CVE-2023-31166.json 
@@ -1,17 +1,207 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31166", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@selinc.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schweitzer Engineering Laboratories", + "product": { + "product_data": [ + { + "product_name": "SEL-3505", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R126-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3505-3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R126-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3530-4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R126-V0", + 
"version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3532", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R132-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3555", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R134-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560S", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3560E", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R144-V2", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-2241 RTAC module", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R126-V0", + "version_value": "R150-V2" + } + ] + } + }, + { + "product_name": "SEL-3350", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R148-V0", + "version_value": "R150-V2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://selinc.com/support/security-notifications/external-reports/", + "refsource": "MISC", + "name": "https://selinc.com/support/security-notifications/external-reports/" + }, + { + "url": "https://www.nozominetworks.com/blog/", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/blog/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca, Nozomi Networks" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": 
"REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" } ] }