admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-10 14:01:13 +00:00
parent 67dc2b6e6b
commit a51179005b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
70 changed files with 9352 additions and 10290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2018/4xxx/CVE-2018-4843.json
View File

@ -4,7 +4,8 @@
"data_type": "CVE",
"CVE_data_meta": {
"ID": "CVE-2018-4843",
"ASSIGNER": "productcert@siemens.com"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"cve_id": "CVE-2018-4843",
"affects": {
@ -175,6 +176,8 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf"
}
]
@ -183,7 +186,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system.\n\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected."
"value": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All versions), SIMATIC CP 343-1 Standard (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Standard (All versions), SIMATIC S7-1500 Software Controller incl. F (All versions < V1.7.0), SIMATIC S7-1500 incl. F (All versions < V1.7.0), SIMATIC S7-300 incl. F and T (All versions < V3.X.16), SIMATIC S7-400 H V6 (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions), SIMATIC S7-410 (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected."
}
]
}

6
2019/0xxx/CVE-2019-0608.json
View File

@ -366,7 +366,7 @@
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka \u0027Microsoft Browser Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-1357."
"value": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357."
}
]
},
@ -385,7 +385,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0608"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0608",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0608"
}
]
}

3
2019/10xxx/CVE-2019-10916.json
View File

@ -176,6 +176,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
@ -184,7 +185,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server.\n\nThe vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

3
2019/10xxx/CVE-2019-10917.json
View File

@ -176,6 +176,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
@ -184,7 +185,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded.\n\nSuccessful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

3
2019/10xxx/CVE-2019-10918.json
View File

@ -176,6 +176,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
@ -184,7 +185,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges.\n\nThe vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

3
2019/10xxx/CVE-2019-10923.json
View File

@ -356,6 +356,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
}
]
@ -364,7 +365,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation.\n\nThe security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations."
"value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations."
}
]
}

3
2019/10xxx/CVE-2019-10935.json
View File

@ -176,6 +176,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
}
]
@ -184,7 +185,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code.\n\nThe security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device.\n\nAt the stage of publishing this security advisory no public exploitation is known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions < V14 SP1 Upd 9), SIMATIC WinCC Professional (TIA Portal V15) (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known."
}
]
}

483
2019/10xxx/CVE-2019-10936.json
View File

@ -11,491 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "n/a"
}
]
}
}
]
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CFU PA",
"version": {
"version_data": [
{
"version_value": "All versions < V1.2.0"
}
]
}
},
{
"product_name": "SIMATIC ET 200AL",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200M",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200MP IM 155-5 PN BA",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.3"
}
]
}
},
{
"product_name": "SIMATIC ET 200MP IM 155-5 PN HF",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200MP IM 155-5 PN ST",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200S",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN BA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN HA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN HF",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.2"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN HS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN ST",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.2"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
"version": {
"version_data": [
{
"version_value": "All versions < V4.2.1"
}
]
}
},
{
"product_name": "SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200pro",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PN/PN Coupler",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PROFINET Driver",
"version": {
"version_data": [
{
"version_value": "All versions < V2.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions < V2.0"
}
]
}
},
{
"product_name": "SIMATIC S7-300 CPU family (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 V6 (incl F) and below",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400H V6",
"version": {
"version_data": [
{
"version_value": "All versions < V6.0.9"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V8",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions < SIMATIC WinAC RTX 2010 SP3"
}
]
}
},
{
"product_name": "SINAMICS DCM",
"version": {
"version_data": [
{
"version_value": "All versions < V1.5 HF1"
}
]
}
},
{
"product_name": "SINAMICS DCP",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G110M V4.7 (PN Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
},
{
"product_name": "SINAMICS G120 V4.7 (PN Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP10 HF5"
}
]
}
},
{
"product_name": "SINAMICS G130 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G150 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GH150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GL150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GM150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S110 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S120 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S150 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SL150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM120 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK 828D",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP5"
}
]
}
},
{
"product_name": "SINUMERIK 840D sl",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
"vendor_name": "n/a"
}
]
}
@ -516,6 +46,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
}
]
@ -524,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.2.3), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G150 (Control Unit) (All versions), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.2.3), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G150 (Control Unit) (All versions), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

3
2019/13xxx/CVE-2019-13921.json
View File

@ -46,6 +46,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
}
]
@ -54,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

3
2019/13xxx/CVE-2019-13929.json
View File

@ -46,6 +46,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
}
]
@ -54,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station.\n\nThe security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access to the related TeamCenter station. The security vulnerability could be exploited only if the attacker is authenticated. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}

6
2019/1xxx/CVE-2019-1060.json
View File

@ -159,7 +159,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka \u0027MS XML Remote Code Execution Vulnerability\u0027."
"value": "A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'."
}
]
},
@ -178,7 +178,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1060"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1060",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1060"
}
]
}

6
2019/1xxx/CVE-2019-1070.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027."
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'."
}
]
},
@ -63,7 +63,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1070"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1070",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1070"
}
]
}

6
2019/1xxx/CVE-2019-1166.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka \u0027Windows NTLM Tampering Vulnerability\u0027."
"value": "A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1166"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1166",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1166"
}
]
}

6
2019/1xxx/CVE-2019-1230.json
View File

@ -59,7 +59,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \u0027Hyper-V Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'."
}
]
},
@ -78,7 +78,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1230"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1230",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1230"
}
]
}

6
2019/1xxx/CVE-2019-1238.json
View File

@ -166,7 +166,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \u0027VBScript Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1239."
"value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239."
}
]
},
@ -185,7 +185,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1238"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1238",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1238"
}
]
}

6
2019/1xxx/CVE-2019-1239.json
View File

@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \u0027VBScript Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1238."
"value": "A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238."
}
]
},
@ -62,7 +62,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1239"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1239",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1239"
}
]
}

6
2019/1xxx/CVE-2019-1307.json
View File

@ -234,7 +234,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366."
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366."
}
]
},
@ -253,7 +253,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1307"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1307",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1307"
}
]
}

6
2019/1xxx/CVE-2019-1308.json
View File

@ -234,7 +234,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366."
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366."
}
]
},
@ -253,7 +253,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1308"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1308",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1308"
}
]
}

6
2019/1xxx/CVE-2019-1311.json
View File

@ -159,7 +159,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka \u0027Windows Imaging API Remote Code Execution Vulnerability\u0027."
"value": "A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'."
}
]
},
@ -178,7 +178,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1311"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1311",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1311"
}
]
}

6
2019/1xxx/CVE-2019-1313.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka \u0027SQL Server Management Studio Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-1376."
"value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376."
}
]
},
@ -56,7 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1313"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1313",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1313"
}
]
}

6
2019/1xxx/CVE-2019-1314.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka \u0027Windows 10 Mobile Security Feature Bypass Vulnerability\u0027."
"value": "A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1314"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1314",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1314"
}
]
}

6
2019/1xxx/CVE-2019-1315.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
"value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315"
}
]
}

6
2019/1xxx/CVE-2019-1316.json
View File

@ -138,7 +138,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka \u0027Microsoft Windows Setup Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'."
}
]
},
@ -157,7 +157,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1316"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1316",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1316"
}
]
}

6
2019/1xxx/CVE-2019-1317.json
View File

@ -138,7 +138,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka \u0027Microsoft Windows Denial of Service Vulnerability\u0027."
"value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'."
}
]
},
@ -157,7 +157,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1317"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1317",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1317"
}
]
}

6
2019/1xxx/CVE-2019-1318.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka \u0027Microsoft Windows Transport Layer Security Spoofing Vulnerability\u0027."
"value": "A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318"
}
]
}

6
2019/1xxx/CVE-2019-1319.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka \u0027Windows Error Reporting Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1319"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1319",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1319"
}
]
}

6
2019/1xxx/CVE-2019-1320.json
View File

@ -114,7 +114,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340."
"value": "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340."
}
]
},
@ -133,7 +133,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1320"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1320",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1320"
}
]
}

6
2019/1xxx/CVE-2019-1321.json
View File

@ -120,7 +120,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka \u0027Microsoft Windows CloudStore Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'."
}
]
},
@ -139,7 +139,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1321"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1321",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1321"
}
]
}

6
2019/1xxx/CVE-2019-1322.json
View File

@ -105,7 +105,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340."
"value": "An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340."
}
]
},
@ -124,7 +124,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1322"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1322",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1322"
}
]
}

6
2019/1xxx/CVE-2019-1323.json
View File

@ -93,7 +93,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka \u0027Microsoft Windows Update Client Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1336."
"value": "An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336."
}
]
},
@ -112,7 +112,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1323"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1323",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1323"
}
]
}

6
2019/1xxx/CVE-2019-1325.json
View File

@ -174,7 +174,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka \u0027Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'."
}
]
},
@ -193,7 +193,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1325"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1325",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1325"
}
]
}

6
2019/1xxx/CVE-2019-1326.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka \u0027Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability\u0027."
"value": "A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1326"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1326",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1326"
}
]
}

6
2019/1xxx/CVE-2019-1327.json
View File

@ -84,7 +84,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1331."
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331."
}
]
},
@ -103,7 +103,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1327"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1327",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1327"
}
]
}

6
2019/1xxx/CVE-2019-1328.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027."
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'."
}
]
},
@ -66,7 +66,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328"
}
]
}

6
2019/1xxx/CVE-2019-1329.json
View File

@ -47,7 +47,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1330."
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330."
}
]
},
@ -66,7 +66,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329"
}
]
}

6
2019/1xxx/CVE-2019-1330.json
View File

@ -54,7 +54,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka \u0027Microsoft SharePoint Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1329."
"value": "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329."
}
]
},
@ -73,7 +73,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330"
}
]
}

6
2019/1xxx/CVE-2019-1331.json
View File

@ -135,7 +135,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1327."
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327."
}
]
},
@ -154,7 +154,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1331"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1331",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1331"
}
]
}

6
2019/1xxx/CVE-2019-1333.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka \u0027Remote Desktop Client Remote Code Execution Vulnerability\u0027."
"value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333"
}
]
}

6
2019/1xxx/CVE-2019-1334.json
View File

@ -153,7 +153,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \u0027Windows Kernel Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-1345."
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345."
}
]
},
@ -172,7 +172,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1334"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1334",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1334"
}
]
}

6
2019/1xxx/CVE-2019-1335.json
View File

@ -234,7 +234,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366."
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366."
}
]
},
@ -253,7 +253,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1335"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1335",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1335"
}
]
}

6
2019/1xxx/CVE-2019-1336.json
View File

@ -93,7 +93,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka \u0027Microsoft Windows Update Client Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1323."
"value": "An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323."
}
]
},
@ -112,7 +112,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1336"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1336",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1336"
}
]
}

6
2019/1xxx/CVE-2019-1337.json
View File

@ -93,7 +93,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka \u0027Windows Update Client Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'."
}
]
},
@ -112,7 +112,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1337"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1337",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1337"
}
]
}

6
2019/1xxx/CVE-2019-1338.json
View File

@ -68,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka \u0027Windows NTLM Security Feature Bypass Vulnerability\u0027."
"value": "A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'."
}
]
},
@ -87,7 +87,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1338"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1338",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1338"
}
]
}

6
2019/1xxx/CVE-2019-1339.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342."
"value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1339"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1339",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1339"
}
]
}

6
2019/1xxx/CVE-2019-1340.json
View File

@ -120,7 +120,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Microsoft Windows Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322."
"value": "An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322."
}
]
},
@ -139,7 +139,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1340"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1340",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1340"
}
]
}

6
2019/1xxx/CVE-2019-1341.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka \u0027Windows Power Service Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1341"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1341",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1341"
}
]
}

6
2019/1xxx/CVE-2019-1342.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka \u0027Windows Error Reporting Manager Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339."
"value": "An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1342"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1342",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1342"
}
]
}

6
2019/1xxx/CVE-2019-1343.json
View File

@ -159,7 +159,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \u0027Windows Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347."
"value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347."
}
]
},
@ -178,7 +178,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1343"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1343",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1343"
}
]
}

6
2019/1xxx/CVE-2019-1344.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka \u0027Windows Code Integrity Module Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1344"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1344",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1344"
}
]
}

6
2019/1xxx/CVE-2019-1345.json
View File

@ -132,7 +132,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \u0027Windows Kernel Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-1334."
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334."
}
]
},
@ -151,7 +151,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1345"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1345",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1345"
}
]
}

6
2019/1xxx/CVE-2019-1346.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \u0027Windows Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347."
"value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1346"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1346",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1346"
}
]
}

6
2019/1xxx/CVE-2019-1347.json
View File

@ -153,7 +153,7 @@
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \u0027Windows Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346."
"value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346."
}
]
},
@ -172,7 +172,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1347"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1347",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1347"
}
]
}

6
2019/1xxx/CVE-2019-1356.json
View File

@ -204,7 +204,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka \u0027Microsoft Edge based on Edge HTML Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'."
}
]
},
@ -223,7 +223,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1356"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1356",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1356"
}
]
}

6
2019/1xxx/CVE-2019-1357.json
View File

@ -253,7 +253,7 @@
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka \u0027Microsoft Browser Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0608."
"value": "A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608."
}
]
},
@ -272,7 +272,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1357"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1357",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1357"
}
]
}

6
2019/1xxx/CVE-2019-1358.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \u0027Jet Database Engine Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1359."
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1358"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1358",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1358"
}
]
}

6
2019/1xxx/CVE-2019-1359.json
View File

@ -189,7 +189,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \u0027Jet Database Engine Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2019-1358."
"value": "A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358."
}
]
},
@ -208,7 +208,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1359"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1359",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1359"
}
]
}

6
2019/1xxx/CVE-2019-1361.json
View File

@ -53,7 +53,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \u0027Microsoft Graphics Components Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'."
}
]
},
@ -72,7 +72,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1361"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1361",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1361"
}
]
}

6
2019/1xxx/CVE-2019-1362.json
View File

@ -68,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1364."
"value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364."
}
]
},
@ -87,7 +87,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1362"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1362",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1362"
}
]
}

6
2019/1xxx/CVE-2019-1363.json
View File

@ -53,7 +53,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \u0027Windows GDI Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'."
}
]
},
@ -72,7 +72,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1363"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1363",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1363"
}
]
}

6
2019/1xxx/CVE-2019-1364.json
View File

@ -68,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \u0027Win32k Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-1362."
"value": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362."
}
]
},
@ -87,7 +87,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1364"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1364",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1364"
}
]
}

6
2019/1xxx/CVE-2019-1365.json
View File

@ -168,7 +168,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka \u0027Microsoft IIS Server Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'."
}
]
},
@ -187,7 +187,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1365"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1365",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1365"
}
]
}

6
2019/1xxx/CVE-2019-1366.json
View File

@ -234,7 +234,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335."
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335."
}
]
},
@ -253,7 +253,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1366"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1366",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1366"
}
]
}

6
2019/1xxx/CVE-2019-1368.json
View File

@ -105,7 +105,7 @@
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka \u0027Windows Secure Boot Security Feature Bypass Vulnerability\u0027."
"value": "A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'."
}
]
},
@ -124,7 +124,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1368"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1368",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1368"
}
]
}

6
2019/1xxx/CVE-2019-1369.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka \u0027Open Enclave SDK Information Disclosure Vulnerability\u0027."
"value": "An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1369"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1369",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1369"
}
]
}

6
2019/1xxx/CVE-2019-1371.json
View File

@ -166,7 +166,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027."
"value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'."
}
]
},
@ -185,7 +185,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1371"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1371",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1371"
}
]
}

6
2019/1xxx/CVE-2019-1372.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka \u0027Azure App Service Remote Code Execution Vulnerability\u0027."
"value": "An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372"
}
]
}

6
2019/1xxx/CVE-2019-1375.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \u0027Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\u0027."
"value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1375"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1375",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1375"
}
]
}

6
2019/1xxx/CVE-2019-1376.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka \u0027SQL Server Management Studio Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-1313."
"value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1376"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1376",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1376"
}
]
}

6
2019/1xxx/CVE-2019-1378.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka \u0027Windows 10 Update Assistant Elevation of Privilege Vulnerability\u0027."
"value": "An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'."
}
]
},
@ -53,7 +53,9 @@
"references": {
"reference_data": [
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378"
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1378"
}
]
}

613
2019/6xxx/CVE-2019-6568.json
View File

@ -11,621 +11,21 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "CP1604",
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "n/a"
}
]
}
}
]
},
{
"product_name": "CP1616",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CP343-1 Advanced",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CP443-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CP443-1 Advanced",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CP443-1 OPC UA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC",
"version": {
"version_data": [
{
"version_value": "All versions < V2.1.6"
}
]
}
},
{
"product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC2",
"version": {
"version_data": [
{
"version_value": "All versions < V2.7"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC IPC DiagMonitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC RF181-EIP",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC RF182C",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC RF185C",
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.0"
}
]
}
},
{
"product_name": "SIMATIC RF186C",
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.0"
}
]
}
},
{
"product_name": "SIMATIC RF188C",
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.0"
}
]
}
},
{
"product_name": "SIMATIC RF600R",
"version": {
"version_data": [
{
"version_value": "All versions < V3.2.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family",
"version": {
"version_data": [
{
"version_value": "All versions < V2.6.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions < V2.7"
}
]
}
},
{
"product_name": "SIMATIC S7-300 CPU family",
"version": {
"version_data": [
{
"version_value": "All versions < V3.X.16"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN (incl. F) V6 and below",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version": {
"version_data": [
{
"version_value": "All versions < V2.0 SP1 UPD1"
}
]
}
},
{
"product_name": "SIMATIC Teleservice Adapter IE Advanced",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC Teleservice Adapter IE Basic",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC Teleservice Adapter IE Standard",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinAC RTX (F) 2010",
"version": {
"version_data": [
{
"version_value": "All versions < SIMATIC WinAC RTX 2010 SP3"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMOCODE pro V EIP",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMOCODE pro V PN",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G130 V4.6 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G130 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G130 V4.7 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G130 V4.8 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
"product_name": "SINAMICS G130 V5.1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G130 V5.1 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
"product_name": "SINAMICS G150 V4.6 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G150 V4.7 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G150 V4.8 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
"product_name": "SINAMICS G150 V5.1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS G150 V5.1 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
"product_name": "SINAMICS S120 V4.6 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S120 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S120 V4.7 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S120 V4.8 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
"product_name": "SINAMICS S120 V5.1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S120 V5.1 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
"product_name": "SINAMICS S150 V4.6 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S150 V4.7 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S150 V4.7 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S150 V4.8 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 HF6"
}
]
}
},
{
"product_name": "SINAMICS S150 V5.1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S150 V5.1 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1 SP1 HF4"
}
]
}
},
{
"product_name": "SINAMICS S210 V5.1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS S210 V5.1 SP1 (Control Unit)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SITOP Manager",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SITOP PSU8600",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SITOP UPS1600",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "TIM 1531 IRC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
"vendor_name": "n/a"
}
]
}
@ -646,6 +46,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
}
]
@ -654,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF185C (All versions < V1.1.0), SIMATIC RF186C (All versions < V1.1.0), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions < V2.7), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF185C (All versions < V1.1.0), SIMATIC RF186C (All versions < V1.1.0), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions < V2.7), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}