diff --git a/2020/28xxx/CVE-2020-28398.json b/2020/28xxx/CVE-2020-28398.json index fed5532cb46..8561c184cf6 100644 --- a/2020/28xxx/CVE-2020-28398.json +++ b/2020/28xxx/CVE-2020-28398.json @@ -1,17 +1,194 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-28398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to \r\ncross-site request forgery (CSRF).\r\n\r\nThis could allow an attacker to read or modify the device configuration\r\nby tricking an authenticated legitimate user into accessing a malicious link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM ROX MX5000", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX MX5000RE", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1400", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1500", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1501", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1510", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1511", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1512", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1524", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX1536", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + }, + { + "product_name": "RUGGEDCOM ROX RX5000", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2.16.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2020/28xxx/CVE-2020-28400.json b/2020/28xxx/CVE-2020-28400.json index 06e583ced1f..6929016e610 100644 --- a/2020/28xxx/CVE-2020-28400.json +++ b/2020/28xxx/CVE-2020-28400.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device." + "value": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device." } ] }, @@ -3088,7 +3088,7 @@ "cvss": [ { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" } diff --git a/2023/28xxx/CVE-2023-28831.json b/2023/28xxx/CVE-2023-28831.json index bb824218762..e97a7c792e9 100644 --- a/2023/28xxx/CVE-2023-28831.json +++ b/2023/28xxx/CVE-2023-28831.json @@ -76,8 +76,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -209,8 +210,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } diff --git a/2023/30xxx/CVE-2023-30757.json b/2023/30xxx/CVE-2023-30757.json index e1543a6fa6f..8d7c05bfbcc 100644 --- a/2023/30xxx/CVE-2023-30757.json +++ b/2023/30xxx/CVE-2023-30757.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password." + "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password." } ] }, @@ -40,8 +40,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -51,8 +52,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -62,8 +64,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -73,8 +76,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -84,8 +88,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -95,8 +100,9 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -106,8 +112,21 @@ "version": { "version_data": [ { - "version_affected": "=", - "version_value": "All versions" + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "Totally Integrated Automation Portal (TIA Portal) V20", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" } ] } @@ -124,6 +143,11 @@ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html" } ] }, diff --git a/2023/46xxx/CVE-2023-46280.json b/2023/46xxx/CVE-2023-46280.json index 5759ad7faef..c98489a6683 100644 --- a/2023/46xxx/CVE-2023-46280.json +++ b/2023/46xxx/CVE-2023-46280.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." + "value": "A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." } ] }, @@ -35,18 +35,6 @@ "vendor_name": "Siemens", "product": { "product_data": [ - { - "product_name": "S7-PCT", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "*" - } - ] - } - }, { "product_name": "Security Configuration Tool (SCT)", "version": { @@ -167,6 +155,18 @@ ] } }, + { + "product_name": "SIMATIC S7-PCT", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V3.5 SP3 Update 6" + } + ] + } + }, { "product_name": "SIMATIC STEP 7 V5", "version": { @@ -174,7 +174,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V5.7 SP3" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V17 Update 8" } ] } @@ -275,18 +275,6 @@ ] } }, - { - "product_name": "SIMATIC WinCC Unified PC Runtime V18", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "0", - "version_value": "*" - } - ] - } - }, { "product_name": "SIMATIC WinCC V7.4", "version": { @@ -414,7 +402,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V17 Update 8" } ] } diff --git a/2023/49xxx/CVE-2023-49069.json b/2023/49xxx/CVE-2023-49069.json index 700a69609e0..5855e52c664 100644 --- a/2023/49xxx/CVE-2023-49069.json +++ b/2023/49xxx/CVE-2023-49069.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames." + "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames." } ] }, @@ -42,7 +42,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "V10.16.0" + "version_value": "V10.17.0" } ] } diff --git a/2024/12xxx/CVE-2024-12401.json b/2024/12xxx/CVE-2024-12401.json new file mode 100644 index 00000000000..d54cd74938d --- /dev/null +++ b/2024/12xxx/CVE-2024-12401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/41xxx/CVE-2024-41981.json b/2024/41xxx/CVE-2024-41981.json index f1106480b5c..f9735920c65 100644 --- a/2024/41xxx/CVE-2024-41981.json +++ b/2024/41xxx/CVE-2024-41981.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Simcenter Nastran 2306", + "product_name": "Simcenter Femap V2306", "version": { "version_data": [ { @@ -48,7 +48,7 @@ } }, { - "product_name": "Simcenter Nastran 2312", + "product_name": "Simcenter Femap V2401", "version": { "version_data": [ { @@ -60,13 +60,13 @@ } }, { - "product_name": "Simcenter Nastran 2406", + "product_name": "Simcenter Femap V2406", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", - "version_value": "V2406.5000" + "version_value": "*" } ] } @@ -83,6 +83,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45463.json b/2024/45xxx/CVE-2024-45463.json index fa9af047313..6592df0d8f5 100644 --- a/2024/45xxx/CVE-2024-45463.json +++ b/2024/45xxx/CVE-2024-45463.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45464.json b/2024/45xxx/CVE-2024-45464.json index 795947344a3..d54f64e3fd8 100644 --- a/2024/45xxx/CVE-2024-45464.json +++ b/2024/45xxx/CVE-2024-45464.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45465.json b/2024/45xxx/CVE-2024-45465.json index 2378cdf72b9..39562724b1d 100644 --- a/2024/45xxx/CVE-2024-45465.json +++ b/2024/45xxx/CVE-2024-45465.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45466.json b/2024/45xxx/CVE-2024-45466.json index de8cc704c6b..60b621574e2 100644 --- a/2024/45xxx/CVE-2024-45466.json +++ b/2024/45xxx/CVE-2024-45466.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45467.json b/2024/45xxx/CVE-2024-45467.json index 6d521c47573..c52510fe993 100644 --- a/2024/45xxx/CVE-2024-45467.json +++ b/2024/45xxx/CVE-2024-45467.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45468.json b/2024/45xxx/CVE-2024-45468.json index 65b8109f9d3..30968f3492f 100644 --- a/2024/45xxx/CVE-2024-45468.json +++ b/2024/45xxx/CVE-2024-45468.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45469.json b/2024/45xxx/CVE-2024-45469.json index 3788fcc2a0e..5638a07bcb0 100644 --- a/2024/45xxx/CVE-2024-45469.json +++ b/2024/45xxx/CVE-2024-45469.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45470.json b/2024/45xxx/CVE-2024-45470.json index 6e29e508433..a2500fc266e 100644 --- a/2024/45xxx/CVE-2024-45470.json +++ b/2024/45xxx/CVE-2024-45470.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45471.json b/2024/45xxx/CVE-2024-45471.json index 023c5fa8bf9..af848b3faf3 100644 --- a/2024/45xxx/CVE-2024-45471.json +++ b/2024/45xxx/CVE-2024-45471.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45472.json b/2024/45xxx/CVE-2024-45472.json index 13c09f61b6e..b1443315486 100644 --- a/2024/45xxx/CVE-2024-45472.json +++ b/2024/45xxx/CVE-2024-45472.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45473.json b/2024/45xxx/CVE-2024-45473.json index 046d6e04b06..dbce09c4763 100644 --- a/2024/45xxx/CVE-2024-45473.json +++ b/2024/45xxx/CVE-2024-45473.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45474.json b/2024/45xxx/CVE-2024-45474.json index 6716572b61e..f7af496b9c1 100644 --- a/2024/45xxx/CVE-2024-45474.json +++ b/2024/45xxx/CVE-2024-45474.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45475.json b/2024/45xxx/CVE-2024-45475.json index 6c0d269eb31..8bd4807471b 100644 --- a/2024/45xxx/CVE-2024-45475.json +++ b/2024/45xxx/CVE-2024-45475.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/45xxx/CVE-2024-45476.json b/2024/45xxx/CVE-2024-45476.json index 9132e546376..f14b4339bbc 100644 --- a/2024/45xxx/CVE-2024-45476.json +++ b/2024/45xxx/CVE-2024-45476.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ] }, @@ -35,6 +35,42 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +107,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/46xxx/CVE-2024-46886.json b/2024/46xxx/CVE-2024-46886.json index 539fa1e246b..4893fd49bf6 100644 --- a/2024/46xxx/CVE-2024-46886.json +++ b/2024/46xxx/CVE-2024-46886.json @@ -78,7 +78,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -90,7 +90,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -102,7 +102,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -114,7 +114,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -126,7 +126,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -138,7 +138,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -150,7 +150,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -162,7 +162,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -174,7 +174,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -186,7 +186,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -198,7 +198,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -210,7 +210,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -222,7 +222,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -234,7 +234,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -246,7 +246,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -258,7 +258,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -270,7 +270,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -282,7 +282,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -294,7 +294,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1086,7 +1086,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1098,7 +1098,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1110,7 +1110,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1122,7 +1122,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1134,7 +1134,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1146,7 +1146,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1158,7 +1158,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1170,7 +1170,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1182,7 +1182,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1194,7 +1194,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1206,7 +1206,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1218,7 +1218,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1230,7 +1230,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1242,7 +1242,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } @@ -1254,7 +1254,7 @@ { "version_affected": "<", "version_name": "0", - "version_value": "*" + "version_value": "V4.7" } ] } diff --git a/2024/47xxx/CVE-2024-47046.json b/2024/47xxx/CVE-2024-47046.json index afde46efc42..9017e69039d 100644 --- a/2024/47xxx/CVE-2024-47046.json +++ b/2024/47xxx/CVE-2024-47046.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process." } ] }, @@ -36,7 +36,7 @@ "product": { "product_data": [ { - "product_name": "Simcenter Nastran 2306", + "product_name": "Simcenter Femap V2306", "version": { "version_data": [ { @@ -48,7 +48,7 @@ } }, { - "product_name": "Simcenter Nastran 2312", + "product_name": "Simcenter Femap V2401", "version": { "version_data": [ { @@ -60,13 +60,13 @@ } }, { - "product_name": "Simcenter Nastran 2406", + "product_name": "Simcenter Femap V2406", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", - "version_value": "V2406.5000" + "version_value": "*" } ] } @@ -83,6 +83,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-881356.html" } ] }, diff --git a/2024/47xxx/CVE-2024-47117.json b/2024/47xxx/CVE-2024-47117.json index 8bf1e2efca6..e17094d35e8 100644 --- a/2024/47xxx/CVE-2024-47117.json +++ b/2024/47xxx/CVE-2024-47117.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Carbon Charts", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.4.0", + "version_value": "1.13.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/7178269", + "refsource": "MISC", + "name": "https://www.ibm.com/support/pages/node/7178269" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/49xxx/CVE-2024-49704.json b/2024/49xxx/CVE-2024-49704.json index b0786088dc3..f14ebba75d1 100644 --- a/2024/49xxx/CVE-2024-49704.json +++ b/2024/49xxx/CVE-2024-49704.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.3.3.5.8" + } + ] + } + }, + { + "product_name": "COMOS V10.4.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "COMOS V10.4.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "COMOS V10.4.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "COMOS V10.4.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.4.3.0.47" + } + ] + } + }, + { + "product_name": "COMOS V10.4.4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.4.4.2" + } + ] + } + }, + { + "product_name": "COMOS V10.4.4.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.4.4.1.21" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/49xxx/CVE-2024-49849.json b/2024/49xxx/CVE-2024-49849.json index 735e6245c4b..8f9bc35da10 100644 --- a/2024/49xxx/CVE-2024-49849.json +++ b/2024/49xxx/CVE-2024-49849.json @@ -1,17 +1,542 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-49849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-PLCSIM V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC S7-PLCSIM V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 Safety V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 Safety V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 Safety V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 Safety V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOCODE ES V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOCODE ES V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOCODE ES V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOCODE ES V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOTION SCOUT TIA V5.4 SP1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOTION SCOUT TIA V5.4 SP3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOTION SCOUT TIA V5.5 SP1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOTION SCOUT TIA V5.6 SP1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Safety ES V17 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Safety ES V18 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Safety ES V19 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Soft Starter ES V17 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Soft Starter ES V18 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Soft Starter ES V19 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud V16", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-800126.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/52xxx/CVE-2024-52051.json b/2024/52xxx/CVE-2024-52051.json index 4716cb35dc6..5d9d6ae0f74 100644 --- a/2024/52xxx/CVE-2024-52051.json +++ b/2024/52xxx/CVE-2024-52051.json @@ -1,17 +1,470 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-52051", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-PLCSIM V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC S7-PLCSIM V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 Safety V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 Safety V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 Safety V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC STEP 7 V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified PC Runtime V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified PC Runtime V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC Unified V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOCODE ES V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOCODE ES V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOCODE ES V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOTION SCOUT TIA V5.4 SP3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOTION SCOUT TIA V5.5 SP1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIMOTION SCOUT TIA V5.6 SP1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SINAMICS Startdrive V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Safety ES V17 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Safety ES V18 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Safety ES V19 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Soft Starter ES V17 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Soft Starter ES V18 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "SIRIUS Soft Starter ES V19 (TIA Portal)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud V17", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud V18", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "TIA Portal Cloud V19", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-392859.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/52xxx/CVE-2024-52565.json b/2024/52xxx/CVE-2024-52565.json index 744748d9166..798d039c8fe 100644 --- a/2024/52xxx/CVE-2024-52565.json +++ b/2024/52xxx/CVE-2024-52565.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52566.json b/2024/52xxx/CVE-2024-52566.json index 745cbc8f448..c2ccddf0cfd 100644 --- a/2024/52xxx/CVE-2024-52566.json +++ b/2024/52xxx/CVE-2024-52566.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52567.json b/2024/52xxx/CVE-2024-52567.json index e492a579c50..12106ba9440 100644 --- a/2024/52xxx/CVE-2024-52567.json +++ b/2024/52xxx/CVE-2024-52567.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52568.json b/2024/52xxx/CVE-2024-52568.json index 77831fac934..e1b2d8ffb6c 100644 --- a/2024/52xxx/CVE-2024-52568.json +++ b/2024/52xxx/CVE-2024-52568.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52569.json b/2024/52xxx/CVE-2024-52569.json index 70d34d5fb4e..9d1f1be205f 100644 --- a/2024/52xxx/CVE-2024-52569.json +++ b/2024/52xxx/CVE-2024-52569.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52570.json b/2024/52xxx/CVE-2024-52570.json index b7d701c8f77..0b97a58f9d1 100644 --- a/2024/52xxx/CVE-2024-52570.json +++ b/2024/52xxx/CVE-2024-52570.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52571.json b/2024/52xxx/CVE-2024-52571.json index 38456336fd1..d2208331d7b 100644 --- a/2024/52xxx/CVE-2024-52571.json +++ b/2024/52xxx/CVE-2024-52571.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52572.json b/2024/52xxx/CVE-2024-52572.json index 57ca01a7624..7c86af9151e 100644 --- a/2024/52xxx/CVE-2024-52572.json +++ b/2024/52xxx/CVE-2024-52572.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52573.json b/2024/52xxx/CVE-2024-52573.json index c00404d9280..d6ec8416d11 100644 --- a/2024/52xxx/CVE-2024-52573.json +++ b/2024/52xxx/CVE-2024-52573.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/52xxx/CVE-2024-52574.json b/2024/52xxx/CVE-2024-52574.json index 2d8e0f5b947..aca959a5867 100644 --- a/2024/52xxx/CVE-2024-52574.json +++ b/2024/52xxx/CVE-2024-52574.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)" + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)" } ] }, @@ -35,6 +35,54 @@ "vendor_name": "Siemens", "product": { "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2406", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2406.0005" + } + ] + } + }, { "product_name": "Tecnomatix Plant Simulation V2302", "version": { @@ -71,6 +119,11 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" } ] }, diff --git a/2024/53xxx/CVE-2024-53041.json b/2024/53xxx/CVE-2024-53041.json index 014c48b1213..6cbeee32221 100644 --- a/2024/53xxx/CVE-2024-53041.json +++ b/2024/53xxx/CVE-2024-53041.json @@ -1,17 +1,127 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53041", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0016" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2404", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2404.0005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/53xxx/CVE-2024-53242.json b/2024/53xxx/CVE-2024-53242.json index 5f611268e0b..e43b54b8189 100644 --- a/2024/53xxx/CVE-2024-53242.json +++ b/2024/53xxx/CVE-2024-53242.json @@ -1,17 +1,127 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53242", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Teamcenter Visualization V14.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.2.0.14" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V14.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V14.3.0.12" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V2312", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2312.0008" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2302", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2302.0016" + } + ] + } + }, + { + "product_name": "Tecnomatix Plant Simulation V2404", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V2404.0005" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/53xxx/CVE-2024-53832.json b/2024/53xxx/CVE-2024-53832.json index 68474e375ce..38b97aeaf9e 100644 --- a/2024/53xxx/CVE-2024-53832.json +++ b/2024/53xxx/CVE-2024-53832.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-53832", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522: Insufficiently Protected Credentials", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "CPCI85 Central Processing/Communication", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V05.30" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-128393.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/54xxx/CVE-2024-54005.json b/2024/54xxx/CVE-2024-54005.json index 55c0150715d..5c3a8df2dcf 100644 --- a/2024/54xxx/CVE-2024-54005.json +++ b/2024/54xxx/CVE-2024-54005.json @@ -1,17 +1,146 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-54005", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.3.3.5.8" + } + ] + } + }, + { + "product_name": "COMOS V10.4.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "COMOS V10.4.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "COMOS V10.4.2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + }, + { + "product_name": "COMOS V10.4.3", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.4.3.0.47" + } + ] + } + }, + { + "product_name": "COMOS V10.4.4", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.4.4.2" + } + ] + } + }, + { + "product_name": "COMOS V10.4.4.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V10.4.4.1.21" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/54xxx/CVE-2024-54091.json b/2024/54xxx/CVE-2024-54091.json index bc92dbe1266..6ad84b07949 100644 --- a/2024/54xxx/CVE-2024-54091.json +++ b/2024/54xxx/CVE-2024-54091.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-54091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out of bounds write vulnerability when parsing specially crafted PAR files.\r\nThis could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Parasolid V36.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V36.1.225" + } + ] + } + }, + { + "product_name": "Parasolid V37.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V37.0.173" + } + ] + } + }, + { + "product_name": "Parasolid V37.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V37.1.109" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-979056.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-979056.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/54xxx/CVE-2024-54093.json b/2024/54xxx/CVE-2024-54093.json index ef75c64309f..268d89292d1 100644 --- a/2024/54xxx/CVE-2024-54093.json +++ b/2024/54xxx/CVE-2024-54093.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-54093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/54xxx/CVE-2024-54094.json b/2024/54xxx/CVE-2024-54094.json index 3a1262ab2c8..032336d9361 100644 --- a/2024/54xxx/CVE-2024-54094.json +++ b/2024/54xxx/CVE-2024-54094.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-54094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/54xxx/CVE-2024-54095.json b/2024/54xxx/CVE-2024-54095.json index 069491a4f41..ae608788cca 100644 --- a/2024/54xxx/CVE-2024-54095.json +++ b/2024/54xxx/CVE-2024-54095.json @@ -1,17 +1,74 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-54095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-191: Integer Underflow (Wrap or Wraparound)", + "cweId": "CWE-191" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2024", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V224.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/html/ssa-730188.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/55xxx/CVE-2024-55586.json b/2024/55xxx/CVE-2024-55586.json index 0be0a62c896..d54020df80c 100644 --- a/2024/55xxx/CVE-2024-55586.json +++ b/2024/55xxx/CVE-2024-55586.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-55586", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-55586", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nette/database/releases", + "refsource": "MISC", + "name": "https://github.com/nette/database/releases" + }, + { + "refsource": "MISC", + "name": "https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html", + "url": "https://www.csirt.sk/nette-framework-vulnerability-permits-sql-injection.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/CSIRTTrizna/CVE-2024-55586", + "url": "https://github.com/CSIRTTrizna/CVE-2024-55586" } ] } diff --git a/2024/5xxx/CVE-2024-5660.json b/2024/5xxx/CVE-2024-5660.json index 932f0469eaf..fc1adcd88c9 100644 --- a/2024/5xxx/CVE-2024-5660.json +++ b/2024/5xxx/CVE-2024-5660.json @@ -1,18 +1,247 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-5660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "arm-security@arm.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 & Travis\u00a0may permit bypass of Stage-2 translation and/or GPT protection" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-668 Exposure of Resource to Wrong Sphere", + "cweId": "CWE-668" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Arm", + "product": { + "product_data": [ + { + "product_name": "Cortex-A77", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Neoverse V1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-A78AE", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-78C", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-X1C", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-A78", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-X1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Neoverse N2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-A710", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-X2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Neoverse V2", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-X3", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Neoverse V3AE", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Neoverse V3", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-X4", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Cortex-X925", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0" + } + ] + } + }, + { + "product_name": "Travis", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "EAC" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660", + "refsource": "MISC", + "name": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file