From bfd7203a06836a8592def6323a4f85d5bec2cf28 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 22 May 2023 06:00:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/25xxx/CVE-2019-25137.json | 7 ++-
 2023/33xxx/CVE-2023-33235.json | 91 ++++++++++++++++++++++++++++++++--
 2 files changed, 93 insertions(+), 5 deletions(-)
diff --git a/2019/25xxx/CVE-2019-25137.json b/2019/25xxx/CVE-2019-25137.json
index 963f8430386..34939bec0d0 100644
--- a/2019/25xxx/CVE-2019-25137.json
+++ b/2019/25xxx/CVE-2019-25137.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx."
+ "value": "Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "url": "https://0xdf.gitlab.io/2020/09/05/htb-remote.html",
 "refsource": "MISC",
 "name": "https://0xdf.gitlab.io/2020/09/05/htb-remote.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Ickarah/CVE-2019-25137-Version-Research",
+ "url": "https://github.com/Ickarah/CVE-2019-25137-Version-Research"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33235.json b/2023/33xxx/CVE-2023-33235.json
index 40103d92cd3..1b5a804720d 100644
--- a/2023/33xxx/CVE-2023-33235.json
+++ b/2023/33xxx/CVE-2023-33235.json
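Review bot: In the first hunk of CVE-2019-25137.json the new description says "4.11.8 through 7.15.10, and 7.12.4", but 7.12.4 already lies inside that range, so the trailing clause reads like a separate affected branch and can confuse anyone triaging by version. If 7.12.4 is kept only because it was the originally reported version, the text should say so; otherwise `"value": "Umbraco CMS 4.11.8 through 7.15.10 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx."` carries the same information. The record's `affects` block is outside this hunk; if it was not widened along with the prose, scanners that match on the structured version data will presumably still miss the broader range.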
@@ -1,17 +1,100 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-33235",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@moxa.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.\n\n"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
+ "cweId": "CWE-77"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Moxa",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MXsecurity Series",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:
"
+ }
+ ],
+ "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * MXsecurity Series: Please upgrade to software v1.0.1 or higher.\n\n\n"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
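Review bot: The added `solution` entry is tagged `"lang": "en"` while the description and problemtype entries of the same record use `"lang": "eng"`, so a consumer that selects text by language code can silently drop the remediation guidance; `"lang": "eng"` would keep the record consistent. The new description value also misspells "vulnerable" as "vulnearble" and ends with a stray `\n\n`, which hurts keyword search and exact-match deduplication in downstream vulnerability feeds. The CVSS data itself is coherent: `PR:H` matches the description's "attackers who have gained authorization privileges", and 7.2 is the correct base score for the stated vector.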