admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-11 19:00:37 +00:00
parent aed88faf6e
commit c17a321373
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 330 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2022/46xxx/CVE-2022-46081.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information."
"value": "** DISPUTED ** In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product."
}
]
},

91
2023/1xxx/CVE-2023-1834.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1834",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nRockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default.\u00a0 This could potentially allow attackers unauthorized\u00a0access to the device through the open ports."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "Kinetix 5500 EtherNet/IP Servo Drive",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139441",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139441"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should upgrade to v7.14 to correct the issue."
}
],
"value": "Customers should upgrade to v7.14 to correct the issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
]
}

90
2023/2xxx/CVE-2023-2443.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2443",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nRockwell Automation ThinManager product allows the use of medium strength ciphers. \u00a0If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rockwell Automation ThinManager Software Utilizes Inadequate Encryption Strength"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "ThinManager ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<=13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139442"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should upgrade to 13.0.2 to correct this issue.&nbsp; If upgrading is not possible, customers should ensure that the&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">3DES encryption algorithm is not used.</span>"
}
],
"value": "Customers should upgrade to 13.0.2 to correct this issue.\u00a0 If upgrading is not possible, customers should ensure that the\u00a03DES encryption algorithm is not used."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

90
2023/2xxx/CVE-2023-2444.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2444",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nA cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product.\u00a0\u00a0Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Rockwell Automation FactoryTalk Vantagepoint Vulnerable To Cross Site Request Forgery "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk Vantagepoint",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<v8.40"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139443"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should upgrade to version 8.40 to fix the issue."
}
],
"value": "Customers should upgrade to version 8.40 to fix the issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
]
}

76
2023/30xxx/CVE-2023-30394.json
View File

@ -1,17 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-30394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://moveit.com",
"refsource": "MISC",
"name": "http://moveit.com"
},
{
"url": "https://github.com/ros-planning/moveit",
"refsource": "MISC",
"name": "https://github.com/ros-planning/moveit"
},
{
"url": "https://i.ibb.co/R2JSPV5/2022-10-02-12-39-57-Window.png",
"refsource": "MISC",
"name": "https://i.ibb.co/R2JSPV5/2022-10-02-12-39-57-Window.png"
},
{
"url": "https://i.ibb.co/RyRSzpN/Response-Manipulation.png",
"refsource": "MISC",
"name": "https://i.ibb.co/RyRSzpN/Response-Manipulation.png"
},
{
"refsource": "MISC",
"name": "https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-30394",
"url": "https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-30394"
}
]
}