From b36bc77506a4619d8c1066035c29d44f63e9a5d5 Mon Sep 17 00:00:00 2001 From: Jochen Becker Date: Thu, 28 Apr 2022 16:26:58 +0200 Subject: [PATCH] update 6 CVEs --- 2021/33xxx/CVE-2021-33543.json | 6 +++--- 2021/34xxx/CVE-2021-34570.json | 8 ++++---- 2021/34xxx/CVE-2021-34582.json | 12 ++++++------ 2021/34xxx/CVE-2021-34584.json | 10 +++++----- 2021/34xxx/CVE-2021-34600.json | 2 +- 2022/22xxx/CVE-2022-22516.json | 10 +++++----- 6 files changed, 24 insertions(+), 24 deletions(-) diff --git a/2021/33xxx/CVE-2021-33543.json b/2021/33xxx/CVE-2021-33543.json index 83b6c5d74d3..e3b495e7649 100644 --- a/2021/33xxx/CVE-2021-33543.json +++ b/2021/33xxx/CVE-2021-33543.json @@ -3,7 +3,7 @@ "ASSIGNER": "info@cert.vde.com", "ID": "CVE-2021-33543", "STATE": "PUBLIC", - "TITLE": "UDP Technology/Geutebr\u00fcck camera devices: Authentication Bypass" + "TITLE": "UDP Technology/Geutebrück camera devices: Authentication Bypass" }, "affects": { "vendor": { @@ -117,7 +117,7 @@ } ] }, - "vendor_name": "Geutebr\u00fcck" + "vendor_name": "Geutebrück" } ] } @@ -135,7 +135,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple camera devices by UDP Technology, Geutebr\u00fcck and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings." + "value": "Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service." } ] }, diff --git a/2021/34xxx/CVE-2021-34570.json b/2021/34xxx/CVE-2021-34570.json index 580fde8d747..567201f316a 100644 --- a/2021/34xxx/CVE-2021-34570.json +++ b/2021/34xxx/CVE-2021-34570.json @@ -95,14 +95,14 @@ "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL", + "baseScore": 7.5, + "baseSeverity": "HIGH", "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", + "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, diff --git a/2021/34xxx/CVE-2021-34582.json b/2021/34xxx/CVE-2021-34582.json index 518b69d4bb6..3170ef61d71 100644 --- a/2021/34xxx/CVE-2021-34582.json +++ b/2021/34xxx/CVE-2021-34582.json @@ -64,15 +64,15 @@ "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, diff --git a/2021/34xxx/CVE-2021-34584.json b/2021/34xxx/CVE-2021-34584.json index 3b4e9d850e3..391f3a890cc 100644 --- a/2021/34xxx/CVE-2021-34584.json +++ b/2021/34xxx/CVE-2021-34584.json @@ -56,14 +56,14 @@ "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", - "baseScore": 8.2, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, @@ -87,8 +87,8 @@ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=16876&token=a3f1d937f95e7034879f4f2ea8e5a99b168256a7&download=" }, { - "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2021-47", + "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-47" } ] diff --git a/2021/34xxx/CVE-2021-34600.json b/2021/34xxx/CVE-2021-34600.json index 5fb7b4d22e7..4d6db1aaefe 100644 --- a/2021/34xxx/CVE-2021-34600.json +++ b/2021/34xxx/CVE-2021-34600.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for authorization of users." + "value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation." } ] }, diff --git a/2022/22xxx/CVE-2022-22516.json b/2022/22xxx/CVE-2022-22516.json index 1588a821054..f2320b4ed88 100644 --- a/2022/22xxx/CVE-2022-22516.json +++ b/2022/22xxx/CVE-2022-22516.json @@ -83,7 +83,7 @@ }, "impact": { "cvss": { - "attackComplexity": "HIGH", + "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, @@ -91,9 +91,9 @@ "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", - "scope": "CHANGED", + "scope": "UNCHANGED", "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, @@ -112,9 +112,9 @@ "references": { "reference_data": [ { + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=", "refsource": "MISC", - "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=", - "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=" + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17090&token=6cd08b169916366df31388d2e7ba58e7bce93508&download=" } ] },