admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-10 14:00:59 +00:00
parent 19aafddecc
commit b90c471809
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
48 changed files with 3623 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

185
2020/28xxx/CVE-2020-28398.json
View File

@ -1,17 +1,194 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to \r\ncross-site request forgery (CSRF).\r\n\r\nThis could allow an attacker to read or modify the device configuration\r\nby tricking an authenticated legitimate user into accessing a malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROX MX5000",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX MX5000RE",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1400",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1500",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1501",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1510",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1511",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1512",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1524",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX1536",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
},
{
"product_name": "RUGGEDCOM ROX RX5000",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2.16.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}

4
2020/28xxx/CVE-2020-28400.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device."
"value": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device."
}
]
},
@ -3088,7 +3088,7 @@
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}

10
2023/28xxx/CVE-2023-28831.json
View File

@ -76,8 +76,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -209,8 +210,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}

54
2023/30xxx/CVE-2023-30757.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."
}
]
},
@ -40,8 +40,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -51,8 +52,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -62,8 +64,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -73,8 +76,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -84,8 +88,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -95,8 +100,9 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -106,8 +112,21 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V20",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
@ -124,6 +143,11 @@
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html"
}
]
},

44
2023/46xxx/CVE-2023-46280.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
"value": "A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
}
]
},
@ -35,18 +35,6 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "S7-PCT",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "Security Configuration Tool (SCT)",
"version": {
@ -167,6 +155,18 @@
]
}
},
{
"product_name": "SIMATIC S7-PCT",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V3.5 SP3 Update 6"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5",
"version": {
@ -174,7 +174,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V5.7 SP3"
}
]
}
@ -222,7 +222,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V17 Update 8"
}
]
}
@ -275,18 +275,6 @@
]
}
},
{
"product_name": "SIMATIC WinCC Unified PC Runtime V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
@ -414,7 +402,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V17 Update 8"
}
]
}

4
2023/49xxx/CVE-2023-49069.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
}
]
},
@ -42,7 +42,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.16.0"
"version_value": "V10.17.0"
}
]
}

18
2024/12xxx/CVE-2024-12401.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-12401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

15
2024/41xxx/CVE-2024-41981.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Simcenter Nastran 2306",
"product_name": "Simcenter Femap V2306",
"version": {
"version_data": [
{
@ -48,7 +48,7 @@
}
},
{
"product_name": "Simcenter Nastran 2312",
"product_name": "Simcenter Femap V2401",
"version": {
"version_data": [
{
@ -60,13 +60,13 @@
}
},
{
"product_name": "Simcenter Nastran 2406",
"product_name": "Simcenter Femap V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.5000"
"version_value": "*"
}
]
}
@ -83,6 +83,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html"
}
]
},

43
2024/45xxx/CVE-2024-45463.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45464.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45465.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45466.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45467.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45468.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45469.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45470.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45471.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45472.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45473.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45474.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45475.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

43
2024/45xxx/CVE-2024-45476.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
}
]
},
@ -35,6 +35,42 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +107,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

68
2024/46xxx/CVE-2024-46886.json
View File

@ -78,7 +78,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -90,7 +90,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -102,7 +102,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -114,7 +114,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -126,7 +126,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -138,7 +138,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -150,7 +150,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -162,7 +162,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -174,7 +174,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -186,7 +186,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -198,7 +198,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -210,7 +210,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -222,7 +222,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -234,7 +234,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -246,7 +246,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -258,7 +258,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -270,7 +270,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -282,7 +282,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -294,7 +294,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1086,7 +1086,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1098,7 +1098,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1110,7 +1110,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1122,7 +1122,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1134,7 +1134,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1146,7 +1146,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1158,7 +1158,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1170,7 +1170,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1182,7 +1182,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1194,7 +1194,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1206,7 +1206,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1218,7 +1218,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1230,7 +1230,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1242,7 +1242,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}
@ -1254,7 +1254,7 @@
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
"version_value": "V4.7"
}
]
}

15
2024/47xxx/CVE-2024-47046.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process."
}
]
},
@ -36,7 +36,7 @@
"product": {
"product_data": [
{
"product_name": "Simcenter Nastran 2306",
"product_name": "Simcenter Femap V2306",
"version": {
"version_data": [
{
@ -48,7 +48,7 @@
}
},
{
"product_name": "Simcenter Nastran 2312",
"product_name": "Simcenter Femap V2401",
"version": {
"version_data": [
{
@ -60,13 +60,13 @@
}
},
{
"product_name": "Simcenter Nastran 2406",
"product_name": "Simcenter Femap V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.5000"
"version_value": "*"
}
]
}
@ -83,6 +83,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html"
}
]
},

79
2024/47xxx/CVE-2024-47117.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47117",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Carbon Charts",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0.4.0",
"version_value": "1.13.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7178269",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7178269"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}

137
2024/49xxx/CVE-2024-49704.json
View File

@ -1,17 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49704",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "COMOS V10.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.3.3.5.8"
}
]
}
},
{
"product_name": "COMOS V10.4.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "COMOS V10.4.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "COMOS V10.4.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "COMOS V10.4.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.4.3.0.47"
}
]
}
},
{
"product_name": "COMOS V10.4.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.4.4.2"
}
]
}
},
{
"product_name": "COMOS V10.4.4.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.4.4.1.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}

533
2024/49xxx/CVE-2024-49849.json
View File

@ -1,17 +1,542 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49849",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-PLCSIM V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.4 SP1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.4 SP3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.5 SP1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.6 SP1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V17 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V18 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V19 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V18 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V19 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V16",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

461
2024/52xxx/CVE-2024-52051.json
View File

@ -1,17 +1,470 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-52051",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-PLCSIM V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 Safety V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified PC Runtime V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified PC Runtime V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC Unified V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMATIC WinCC V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOCODE ES V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.4 SP3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.5 SP1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIMOTION SCOUT TIA V5.6 SP1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SINAMICS Startdrive V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V17 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V18 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Safety ES V19 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V18 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "SIRIUS Soft Starter ES V19 (TIA Portal)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V17",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V18",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "TIA Portal Cloud V19",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
]
}

55
2024/52xxx/CVE-2024-52565.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52566.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52567.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52568.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52569.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52570.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52571.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52572.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52573.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

55
2024/52xxx/CVE-2024-52574.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)"
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)"
}
]
},
@ -35,6 +35,54 @@
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2406",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2406.0005"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
@ -71,6 +119,11 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},

118
2024/53xxx/CVE-2024-53041.json
View File

@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2302.0016"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2404",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2404.0005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

118
2024/53xxx/CVE-2024-53242.json
View File

@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.2.0.14"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V14.3.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V2312",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2312.0008"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2302",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2302.0016"
}
]
}
},
{
"product_name": "Tecnomatix Plant Simulation V2404",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V2404.0005"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

65
2024/53xxx/CVE-2024-53832.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials",
"cweId": "CWE-522"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "CPCI85 Central Processing/Communication",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V05.30"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
}
]
}

137
2024/54xxx/CVE-2024-54005.json
View File

@ -1,17 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54005",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference",
"cweId": "CWE-611"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "COMOS V10.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.3.3.5.8"
}
]
}
},
{
"product_name": "COMOS V10.4.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "COMOS V10.4.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "COMOS V10.4.2",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "*"
}
]
}
},
{
"product_name": "COMOS V10.4.3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.4.3.0.47"
}
]
}
},
{
"product_name": "COMOS V10.4.4",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.4.4.2"
}
]
}
},
{
"product_name": "COMOS V10.4.4.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V10.4.4.1.21"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
]
}

89
2024/54xxx/CVE-2024-54091.json
View File

@ -1,17 +1,98 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out of bounds write vulnerability when parsing specially crafted PAR files.\r\nThis could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Parasolid V36.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V36.1.225"
}
]
}
},
{
"product_name": "Parasolid V37.0",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V37.0.173"
}
]
}
},
{
"product_name": "Parasolid V37.1",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V37.1.109"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-979056.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-979056.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

65
2024/54xxx/CVE-2024-54093.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2024",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

65
2024/54xxx/CVE-2024-54094.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54094",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2024",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

65
2024/54xxx/CVE-2024-54095.json
View File

@ -1,17 +1,74 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-54095",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"cweId": "CWE-191"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2024",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "V224.0 Update 10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}

66
2024/55xxx/CVE-2024-55586.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-55586",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-55586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/nette/database/releases",
"refsource": "MISC",
"name": "https://github.com/nette/database/releases"
},
{
"refsource": "MISC",
"name": "https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html",
"url": "https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html"
},
{
"refsource": "MISC",
"name": "https://github.com/CSIRTTrizna/CVE-2024-55586",
"url": "https://github.com/CSIRTTrizna/CVE-2024-55586"
}
]
}

237
2024/5xxx/CVE-2024-5660.json
View File

@ -1,18 +1,247 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-5660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "arm-security@arm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 & Travis\u00a0may permit bypass of Stage-2 translation and/or GPT protection"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668 Exposure of Resource to Wrong Sphere",
"cweId": "CWE-668"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Arm",
"product": {
"product_data": [
{
"product_name": "Cortex-A77",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Neoverse V1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-A78AE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-78C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-X1C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-A78",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-X1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Neoverse N2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-A710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-X2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Neoverse V2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-X3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Neoverse V3AE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Neoverse V3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-X4",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Cortex-X925",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
},
{
"product_name": "Travis",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "EAC"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660",
"refsource": "MISC",
"name": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
}