From bca5b991731285050b5914776dae20a5839996a7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 13 Dec 2022 22:00:38 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/2xxx/CVE-2022-2660.json | 97 +++++++++++++++++++++++++++--
2022/2xxx/CVE-2022-2757.json | 97 +++++++++++++++++++++++++++--
2022/38xxx/CVE-2022-38355.json | 108 +++++++++++++++++++++++++++++++--
2022/41xxx/CVE-2022-41653.json | 108 +++++++++++++++++++++++++++++++--
2022/43xxx/CVE-2022-43996.json | 56 +++++++++++++++--
2022/46xxx/CVE-2022-46381.json | 56 +++++++++++++++--
2022/47xxx/CVE-2022-47376.json | 18 ++++++
2022/47xxx/CVE-2022-47377.json | 18 ++++++
2022/4xxx/CVE-2022-4461.json | 18 ++++++
9 files changed, 548 insertions(+), 28 deletions(-)
create mode 100644 2022/47xxx/CVE-2022-47376.json
create mode 100644 2022/47xxx/CVE-2022-47377.json
create mode 100644 2022/4xxx/CVE-2022-4461.json
diff --git a/2022/2xxx/CVE-2022-2660.json b/2022/2xxx/CVE-2022-2660.json
index 21eb234a9b2..3fb960b3c1c 100644
--- a/2022/2xxx/CVE-2022-2660.json
+++ b/2022/2xxx/CVE-2022-2660.json
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321 Use of Hard-Coded Cryptographic Key", + "cweId": "CWE-321" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "Industrial Automation DIALink", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nMitigation measures have been added in DIALink v1.5.0.0. \n\nDelta Electronics recommends users contact Delta Electronics customer service or a Delta Electronics representative for this release, as it will not be released publicly.\n\n
" + } + ], + "value": "\nMitigation measures have been added in DIALink v1.5.0.0.\u00a0\n\nDelta Electronics recommends users contact Delta Electronics customer service https://www.deltaww.com/en/customerService \u00a0or a Delta Electronics representative for this release, as it will not be released publicly.\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Y4er working with Trend Micro Zero Day Initiative reported this vulnerability to CISA" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/2xxx/CVE-2022-2757.json b/2022/2xxx/CVE-2022-2757.json index 93735ea8019..c5b2823af80 100644 --- a/2022/2xxx/CVE-2022-2757.json +++ b/2022/2xxx/CVE-2022-2757.json 
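Review bot: The `version_data` entry added for Industrial Automation DIALink pairs `"version_value": "0"` with `"version_affected": "="`, which reads as "exactly version 0" and does not express the "1.4.0.0 and prior" range stated in the description. A scanner or asset inventory that matches on the structured field would not flag affected installs; `"version_value": "1.4.0.0", "version_affected": "<="` would carry the range. The same `0`/`=` pair appears in the SVMPC1 and SVMPC2 entries of CVE-2022-38355 and CVE-2022-41653, where the descriptions give 2.1.22 and 1.2.3 as the upper bounds. This may be an artefact of the export tool, so the fix probably belongs at the source record rather than in this file alone.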
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kingspan ", + "product": { + "product_data": [ + { + "product_name": "TMS300 CS", + "version": { + "version_data": [ + { + "version_value": "All Versions ", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\nKingspan has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected product are encouraged to \ncontact Kingspan customer support for additional information.\n\n
" + } + ], + "value": "Kingspan has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected product are encouraged to \ncontact Kingspan customer support https://www.kingspan.com/us/en/contact-us/ for additional information.\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Maxim Rupp reported this vulnerability to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/38xxx/CVE-2022-38355.json b/2022/38xxx/CVE-2022-38355.json index 7771736cf77..6fd20aac542 100644 --- a/2022/38xxx/CVE-2022-38355.json +++ b/2022/38xxx/CVE-2022-38355.json 
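Review bot: Two of the added identifier strings carry trailing whitespace, `"vendor_name": "Kingspan "` and `"version_value": "All Versions "`, so consumers that join on exact vendor or version strings will treat them as different from the trimmed names. They should be `"vendor_name": "Kingspan"` and `"version_value": "All Versions"`. The same problem is in `"product_name": "SVMPC1 "` in CVE-2022-38355 and CVE-2022-41653. A free-text "All Versions" combined with `"version_affected": "="` is also not machine-comparable, so downstream matching has to special-case it.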
@@ -1,17 +1,117 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-38355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Daikin", + "product": { + "product_data": [ + { + "product_name": "SVMPC1 ", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SVMPC2", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\nDaikin Holdings Singapore Pte Ltd. has released an update that will \nautomatically install if the SVM controller is enabled. 
No user \noperation is required. \n\n
" + } + ], + "value": "Daikin Holdings Singapore Pte Ltd. has released an update that will \nautomatically install if the SVM controller is enabled. No user \noperation is required. \n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Chizuru Toyama from TXOne Networks reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/41xxx/CVE-2022-41653.json b/2022/41xxx/CVE-2022-41653.json index e9eb7ac1de0..aa742a890b0 100644 --- a/2022/41xxx/CVE-2022-41653.json +++ b/2022/41xxx/CVE-2022-41653.json 
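Review bot: The description limits the attacker to someone "with access to the local area network (LAN)", while the added vector is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` with a base score of 7.5. If exploitation really requires being on the same network segment, `AV:A` would be the matching metric and the score would be lower; if any routable path to the device is enough, the description overstates the constraint. It is worth checking against the linked icsa-22-284-02 advisory so that prioritisation driven by the vector is not skewed in either direction.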
@@ -1,17 +1,117 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-41653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-259 Use of Hard-Coded Password", + "cweId": "CWE-259" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Daikin", + "product": { + "product_data": [ + { + "product_name": "SVMPC1 ", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "SVMPC2", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\nDaikin Holdings Singapore Pte Ltd. has released an update that will \nautomatically install if the SVM controller is enabled. No user \noperation is required. \n\n
" + } + ], + "value": "Daikin Holdings Singapore Pte Ltd. has released an update that will \nautomatically install if the SVM controller is enabled. No user \noperation is required. \n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Chizuru Toyama from TXOne Networks reported these vulnerabilities to CISA" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/43xxx/CVE-2022-43996.json b/2022/43xxx/CVE-2022-43996.json index 7c6fc7ea8bd..6d855bf1560 100644 --- a/2022/43xxx/CVE-2022-43996.json +++ b/2022/43xxx/CVE-2022-43996.json 
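Review bot: `"discovery": "UNKNOWN"` in the `source` block conflicts with the `credits` entry in the same record, which names an external reporter, and with CVE-2022-38355 from the same advisory, which uses `"discovery": "EXTERNAL"`. Setting this record to `"discovery": "EXTERNAL"` would keep the two consistent. The description also never states the mechanism; only the `problemtype` value CWE-259 tells the reader that the credentials are hard-coded, so a clause saying so in the description would help triage.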
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-43996",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-43996",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0003.json",
+ "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0003.json"
 }
 ]
 }
diff --git a/2022/46xxx/CVE-2022-46381.json b/2022/46xxx/CVE-2022-46381.json
index da056b72e60..bd3df38393e 100644
--- a/2022/46xxx/CVE-2022-46381.json
+++ b/2022/46xxx/CVE-2022-46381.json
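Review bot: Every structured field in this record is `n/a`, although the description names the product (csaf_provider), the fixed version (0.8.2) and the flaw class (XSS). Tools that key on `affects` or `problemtype` can neither match nor classify the entry; `"product_name": "csaf_provider"`, a `version_value` expressing "before 0.8.2", and a problemtype value of `CWE-79` would close the gap. CVE-2022-46381 in the next file has the same gap: the affected Linear eMerge E3-Series builds and the XSS class appear only in its description text.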
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2022-46381",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-46381",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt",
+ "url": "https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt"
 }
 ]
 }
diff --git a/2022/47xxx/CVE-2022-47376.json b/2022/47xxx/CVE-2022-47376.json
new file mode 100644
index 00000000000..5350c658877
--- /dev/null
+++ b/2022/47xxx/CVE-2022-47376.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-47376",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/47xxx/CVE-2022-47377.json b/2022/47xxx/CVE-2022-47377.json
new file mode 100644
index 00000000000..4bfb7bbab1b
--- /dev/null
+++ b/2022/47xxx/CVE-2022-47377.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-47377",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2022/4xxx/CVE-2022-4461.json b/2022/4xxx/CVE-2022-4461.json
new file mode 100644
index 00000000000..387e33e1f8c
--- /dev/null
+++ b/2022/4xxx/CVE-2022-4461.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-4461",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file