admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-27 23:00:36 +00:00
parent 6d7d2bed04
commit b7b03b36f0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 370 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2019/18xxx/CVE-2019-18269.json
View File

@ -1,25 +1,69 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18269",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nOmron\u2019s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. \n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-412 Unrestricted Externally Accessible Lock",
"cweId": "CWE-412"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"vendor_name": "Omron",
"product": {
"product_data": [
{
"product_name": "Omron PLC CJ and CS Series",
"product_name": "Omron PLC CJ Series",
"version": {
"version_data": [
{
"version_value": "Omron PLC CJ series, all versions, Omron PLC CS series, all versions"
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "Omron PLC CS series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
},
{
"product_name": "Omron PLC NX1P2 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
@ -30,33 +74,43 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNRESTRICTED EXTERNALLY ACCESSIBLE LOCK CWE-412"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02",
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
},
{
"url": "https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf",
"refsource": "MISC",
"name": "https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, the software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control."
}
]
}
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>Omron recommends the following mitigation measures:</p><ul><li>Filter FINS port: Protect access to Omron\u2019s PLC with a firewall and blocking unnecessary remote access to FINS port (default: 9600).</li><li>Filter IP addresses: Protect access to Omron\u2019s PLC with a firewall and filtering devices connected to the PLC by IP address.</li></ul><p>For more information provided by Omron on these vulnerabilities refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.omron-cxone.com%2Fsecurity%2F2019-12-06_PLC_EN.pdf&amp;data=02%7C01%7Ckent.norris%40inl.gov%7C20bf150382654ea6bed508d77a33e9d1%7C4cf464b7869a42368da2a98566485554%7C0%7C1%7C637112235716101466&amp;sdata=HF291pOMe65LwSvq4DynQqT%2FX7Sw%2BT92JGwRsXmC7WU%3D&amp;reserved=0\">Vulnerabilities in Omron CS and CJ series CPU PLCs</a>.</p>\n\n<br>"
}
],
"value": "\nOmron recommends the following mitigation measures:\n\n * Filter FINS port: Protect access to Omron\u2019s PLC with a firewall and blocking unnecessary remote access to FINS port (default: 9600).\n * Filter IP addresses: Protect access to Omron\u2019s PLC with a firewall and filtering devices connected to the PLC by IP address.\n\n\nFor more information provided by Omron on these vulnerabilities refer to Vulnerabilities in Omron CS and CJ series CPU PLCs https://gcc01.safelinks.protection.outlook.com/ .\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jipeng You (XDU) and n0b0dy reported these vulnerabilities to CISA."
}
]
}

62
2023/28xxx/CVE-2023-28384.json
View File

@ -1,18 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA Technologies",
"product": {
"product_data": [
{
"product_name": "mySCADA myPRO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.26.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-28384"
},
"source": {
"discovery": "UNKNOWN"
}
}

62
2023/28xxx/CVE-2023-28400.json
View File

@ -1,18 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA Technologies",
"product": {
"product_data": [
{
"product_name": "mySCADA myPRO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.26.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-28400"
},
"source": {
"discovery": "UNKNOWN"
}
}

62
2023/28xxx/CVE-2023-28716.json
View File

@ -1,18 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA Technologies",
"product": {
"product_data": [
{
"product_name": "mySCADA myPRO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.26.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-28716"
},
"source": {
"discovery": "UNKNOWN"
}
}

62
2023/29xxx/CVE-2023-29150.json
View File

@ -1,18 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29150",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA Technologies",
"product": {
"product_data": [
{
"product_name": "mySCADA myPRO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.26.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-29150"
},
"source": {
"discovery": "UNKNOWN"
}
}

62
2023/29xxx/CVE-2023-29169.json
View File

@ -1,18 +1,72 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "mySCADA Technologies",
"product": {
"product_data": [
{
"product_name": "mySCADA myPRO",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "8.26.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-29169"
},
"source": {
"discovery": "UNKNOWN"
}
}