diff --git a/2019/19xxx/CVE-2019-19221.json b/2019/19xxx/CVE-2019-19221.json index b15b60ae657..0b40e4a7ede 100644 --- a/2019/19xxx/CVE-2019-19221.json +++ b/2019/19xxx/CVE-2019-19221.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-235688c222", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHFV25AVTASTWZRF3KTSL357AQ6TYHM4/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4293-1", + "url": "https://usn.ubuntu.com/4293-1/" } ] } diff --git a/2020/7xxx/CVE-2020-7474.json b/2020/7xxx/CVE-2020-7474.json index 8f9f063082b..0880eb7b679 100644 --- a/2020/7xxx/CVE-2020-7474.json +++ b/2020/7xxx/CVE-2020-7474.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7474", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module", + "version": { + "version_data": [ + { + "version_value": "ProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427: Uncontrolled Search Path Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-042-01/", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-042-01/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL." } ] } diff --git a/2020/7xxx/CVE-2020-7475.json b/2020/7xxx/CVE-2020-7475.json index c82fa72ebe3..40a2f4e39b6 100644 --- a/2020/7xxx/CVE-2020-7475.json +++ b/2020/7xxx/CVE-2020-7475.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-7475", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)", + "version": { + "version_data": [ + { + "version_value": "EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01", + "url": "http://www.se.com/ww/en/download/document/SEVD-2020-080-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller." } ] } diff --git a/2020/9xxx/CVE-2020-9308.json b/2020/9xxx/CVE-2020-9308.json index 57912ad7cb8..916c9538d09 100644 --- a/2020/9xxx/CVE-2020-9308.json +++ b/2020/9xxx/CVE-2020-9308.json @@ -71,6 +71,11 @@ "refsource": "GENTOO", "name": "GLSA-202003-28", "url": "https://security.gentoo.org/glsa/202003-28" + }, + { + "refsource": "UBUNTU", + "name": "USN-4293-1", + "url": "https://usn.ubuntu.com/4293-1/" } ] }