admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-10 20:00:37 +00:00
parent 11bba71d7c
commit 9b7a6e3d69
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 4076 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2021/45xxx/CVE-2021-45345.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-45345",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-45345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/0xHop/0d065694d56ac3943d8e8c239d80c63f",
"refsource": "MISC",
"name": "https://gist.github.com/0xHop/0d065694d56ac3943d8e8c239d80c63f"
},
{
"url": "https://sourceforge.net/projects/webcamserv/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/webcamserv/"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/0xHop/337e65ec684b8866e86f4b25b8f1dbc7",
"url": "https://gist.github.com/0xHop/337e65ec684b8866e86f4b25b8f1dbc7"
}
]
}

111
2022/36xxx/CVE-2022-36329.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@wdc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: through 9.4.0-191; ibi: through 9.4.0-191.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Western Digital",
"product": {
"product_data": [
{
"product_name": "My Cloud Home and My Cloud Home Duo",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "9.4.0-191"
}
]
}
}
]
}
},
{
"vendor_name": "SanDisk",
"product": {
"product_data": [
{
"product_name": "ibi",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "9.4.0-191"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div><p>All devices will be automatically updated to reflect the latest firmware version.</p></div></div><div><div><div></div></div></div>"
}
],
"value": "All devices will be automatically updated to reflect the latest firmware version.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

200
2023/2xxx/CVE-2023-2310.json
View File

@ -1,17 +1,209 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service.\n\nSee the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300 Channel Accessible by Non-Endpoint",
"cweId": "CWE-300"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R119-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R100-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
},
{
"vendor_name": "Schweitzer Engineering Laboratories, Inc.",
"product": {
"product_data": [
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R108-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R113-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Adeen Ayub, Syed Ali Qasim, Irfan Ahmed, Virginia Commonwealth University"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/2xxx/CVE-2023-2636.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

75
2023/30xxx/CVE-2023-30194.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30194",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-30194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://themeforest.net/user/posthemes/portfolio",
"refsource": "MISC",
"name": "https://themeforest.net/user/posthemes/portfolio"
},
{
"refsource": "MISC",
"name": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/09/posstaticfooter.html",
"url": "https://friends-of-presta.github.io/security-advisories/modules/2023/05/09/posstaticfooter.html"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
}

198
2023/31xxx/CVE-2023-31148.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31148",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31149.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31149",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Input Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31150.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31150",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nA Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-257 Storing Passwords in a Recoverable Format",
"cweId": "CWE-257"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R122-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R122-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R122-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R122-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31151.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31152.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. \nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R147-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31153.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the\u00a0Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.See SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R119-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R109-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R109-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R113-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31154.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31155.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31155",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31156.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31156",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31157.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31158.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31159.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31159",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31160.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31160",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\n\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

138
2023/31xxx/CVE-2023-31161.json
View File

@ -1,17 +1,147 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An\u00a0Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R143-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R143-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31162.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31162",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R149-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31163.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R119-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R100-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R108-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R113-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31164.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R119-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R100-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R108-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R113-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31165.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code.\n\n\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R119-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R100-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R108-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R113-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

198
2023/31xxx/CVE-2023-31166.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@selinc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system.\n\nSee SEL Service Bulletin dated 2022-11-15 for more details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Schweitzer Engineering Laboratories",
"product": {
"product_data": [
{
"product_name": "SEL-3505",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R126-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3505-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R126-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3530-4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R126-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3532",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R132-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3555",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R134-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560S",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3560E",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R144-V2",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-2241 RTAC module",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R126-V0",
"version_value": "R150-V2"
}
]
}
},
{
"product_name": "SEL-3350",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R148-V0",
"version_value": "R150-V2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://selinc.com/support/security-notifications/external-reports/",
"refsource": "MISC",
"name": "https://selinc.com/support/security-notifications/external-reports/"
},
{
"url": "https://www.nozominetworks.com/blog/",
"refsource": "MISC",
"name": "https://www.nozominetworks.com/blog/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Andrea Palanca, Nozomi Networks"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
]
}