admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Siemens AD-2021-07

Browse Source
This commit is contained in:
Siemens ProductCERT 2021-07-13 11:44:50 +02:00
parent 4142493222
commit c3994abaf5
62 changed files with 5299 additions and 404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
2018/4xxx/CVE-2018-4839.json
View File

@ -1,74 +1,175 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2018-4839",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "DIGSI 4, EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant, SIPROTEC Compact 7SJ80, SIPROTEC Compact 7SK80, SIPROTEC Compact 7SJ66, Other SIPROTEC Compact relays, Other SIPROTEC 4 relays",
"product_name": "DIGSI 4",
"version": {
"version_data": [
{
"version_value": "DIGSI 4 : All versions < V4.92"
},
"version_value": "All versions < V4.92"
}
]
}
},
{
"product_name": "EN100 Ethernet module DNP3 variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module IEC 61850 variant : All versions < V4.30"
},
"version_value": "All versions < V1.05.00"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 104 variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module PROFINET IO variant : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 61850 variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module Modbus TCP variant : All versions"
},
"version_value": "All versions < V4.30"
}
]
}
},
{
"product_name": "EN100 Ethernet module Modbus TCP variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module DNP3 variant : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module PROFINET IO variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module IEC 104 variant : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "Other SIPROTEC 4 relays",
"version": {
"version_data": [
{
"version_value": "SIPROTEC Compact 7SJ80 : All versions < V4.77"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "Other SIPROTEC Compact relays",
"version": {
"version_data": [
{
"version_value": "SIPROTEC Compact 7SK80 : All versions < V4.77"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SD80",
"version": {
"version_data": [
{
"version_value": "SIPROTEC Compact 7SJ66 : All versions < V4.30"
},
"version_value": "All versions < V4.70"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ61",
"version": {
"version_data": [
{
"version_value": "Other SIPROTEC Compact relays : All versions"
},
"version_value": "All versions < V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ62",
"version": {
"version_data": [
{
"version_value": "Other SIPROTEC 4 relays : All versions"
"version_value": "All versions < V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ64",
"version": {
"version_data": [
{
"version_value": "All versions < V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ66",
"version": {
"version_data": [
{
"version_value": "All versions < V4.30"
}
]
}
},
{
"product_name": "SIPROTEC Compact 7SJ80",
"version": {
"version_data": [
{
"version_value": "All versions < V4.77"
}
]
}
},
{
"product_name": "SIPROTEC Compact 7SK80",
"version": {
"version_data": [
{
"version_value": "All versions < V4.77"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77), SIPROTEC Compact 7SJ66 (All versions < V4.30), Other SIPROTEC Compact relays (All versions), Other SIPROTEC 4 relays (All versions). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
@ -81,6 +182,14 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.\n"
}
]
},
"references": {
"reference_data": [
{

86
2018/4xxx/CVE-2018-4840.json
View File

@ -1,59 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-03-08T00:00:00",
"ID": "CVE-2018-4840",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "DIGSI 4, EN100 Ethernet module IEC 61850 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module DNP3 variant, EN100 Ethernet module IEC 104 variant",
"product_name": "DIGSI 4",
"version": {
"version_data": [
{
"version_value": "DIGSI 4 : All versions < V4.92"
},
"version_value": "All versions < V4.92"
}
]
}
},
{
"product_name": "EN100 Ethernet module DNP3 variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module IEC 61850 variant : All versions < V4.30"
},
"version_value": "All versions < V1.05.00"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 104 variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module PROFINET IO variant : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 61850 variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module Modbus TCP variant : All versions"
},
"version_value": "All versions < V4.30"
}
]
}
},
{
"product_name": "EN100 Ethernet module Modbus TCP variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module DNP3 variant : All versions"
},
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module PROFINET IO variant",
"version": {
"version_data": [
{
"version_value": "EN100 Ethernet module IEC 104 variant : All versions"
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
@ -66,6 +92,14 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.\n"
}
]
},
"references": {
"reference_data": [
{

40
2020/15xxx/CVE-2020-15782.json
View File

@ -83,6 +83,36 @@
}
]
}
},
{
"product_name": "SINAMICS PERFECT HARMONY GH180 Drives",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK MC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK ONE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
@ -106,7 +136,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks."
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (All versions), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected devices are vulnerable to a memory protection bypass through a specific operation.\n\nA remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.\n"
}
]
},
@ -116,6 +146,14 @@
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf"
}
]
}

835
2020/28xxx/CVE-2020-28400.json
View File

@ -1,17 +1,840 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-28400",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-28400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RUGGEDCOM RM1224",
"version": {
"version_data": [
{
"version_value": "All Versions < 6.4"
}
]
}
},
{
"product_name": "SCALANCE M-800",
"version": {
"version_data": [
{
"version_value": "All Versions < 6.4"
}
]
}
},
{
"product_name": "SCALANCE S615",
"version": {
"version_data": [
{
"version_value": "All Versions < 6.4"
}
]
}
},
{
"product_name": "SCALANCE W1700 IEEE 802.11ac",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE W700 IEEE 802.11n",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X200-4 P IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X201-3P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X202-2P IRT PRO",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2FM",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2LD TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204-2TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X206-1LD (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X208PRO",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X212-2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X212-2LD",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X216",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X224",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X302-7EEC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X306-1LDFE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X307-2EEC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X308-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X308-2M POE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X320-1FE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X320-3LDFE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XB-200",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XC-200",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF-200BA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF201-3P IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE XF202-2P IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE XF204",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF204-2BA IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XF208",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XM400",
"version": {
"version_data": [
{
"version_value": "All versions < V6.3.1"
}
]
}
},
{
"product_name": "SCALANCE XP-200",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XR-300WG",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M POE",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M POE TS",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE XR500",
"version": {
"version_data": [
{
"version_value": "All versions < V6.3.1"
}
]
}
},
{
"product_name": "SIMATIC CFU PA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC IE/PB-LINK V3",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC MV500 family",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0"
}
]
}
},
{
"product_name": "SIMATIC NET CM 1542-1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET CP1616/CP1604",
"version": {
"version_data": [
{
"version_value": "All Versions >= V2.7"
}
]
}
},
{
"product_name": "SIMATIC NET CP1626",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET DK-16xx PN IO",
"version": {
"version_data": [
{
"version_value": "All Versions >= V2.7"
}
]
}
},
{
"product_name": "SIMATIC PROFINET Driver",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All Versions < V4.5"
}
]
}
},
{
"product_name": "SIMOCODE proV Ethernet/IP",
"version": {
"version_data": [
{
"version_value": "All versions < V1.1.3"
}
]
}
},
{
"product_name": "SIMOCODE proV PROFINET",
"version": {
"version_data": [
{
"version_value": "All versions < V2.1.3"
}
]
}
},
{
"product_name": "SOFTNET-IE PNIO",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), RUGGEDCOM RM1224 (All Versions < 6.4), SCALANCE M-800 (All Versions < 6.4), SCALANCE S615 (All Versions < 6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions), SCALANCE XC-200 (All versions), SCALANCE XF-200BA (All versions), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions), SCALANCE XR-300WG (All versions), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions >= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf"
}
]
}

2
2020/7xxx/CVE-2020-7581.json
View File

@ -176,7 +176,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted."
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted.\n"
}
]
},

4
2020/7xxx/CVE-2020-7587.json
View File

@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V2.6"
}
]
}
@ -196,7 +196,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service."
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could\ncause a partial remote Denial-of-Service, that would cause the service\nto restart itself.\n\nOn some cases the vulnerability could leak random information from the\nremote service.\n"
}
]
},

4
2020/7xxx/CVE-2020-7588.json
View File

@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V2.6"
}
]
}
@ -196,7 +196,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself."
"value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a\npartial remote Denial-of-Service, that would cause the service to restart\nitself.\n"
}
]
},

75
2021/25xxx/CVE-2021-25671.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25671",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-25671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RWG1.M12",
"version": {
"version_data": [
{
"version_value": "All versions < V1.16.16"
}
]
}
},
{
"product_name": "RWG1.M12D",
"version": {
"version_data": [
{
"version_value": "All versions < V1.16.16"
}
]
}
},
{
"product_name": "RWG1.M8",
"version": {
"version_data": [
{
"version_value": "All versions < V1.16.16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). Sending specially crafted ARP packets to an affected device\ncould cause a partial denial-of-service, preventing the device\nto operate normally. A restart is needed to restore normal operations.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-448291.pdf"
}
]
}

245
2021/31xxx/CVE-2021-31892.json
View File

@ -1,17 +1,250 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31892",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31892",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SINUMERIK Analyse MyCondition",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance /OEE-Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance /OEE-Tuning",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 02",
"version": {
"version_data": [
{
"version_value": "All versions >= V02.00.12 < 02.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 03",
"version": {
"version_data": [
{
"version_value": "All versions >= V03.00.12 < 03.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 04",
"version": {
"version_data": [
{
"version_value": "V04.00.02 and all versions >= V04.00.15 < 04.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate for Production 4.1",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1 SP10 HF3"
}
]
}
},
{
"product_name": "SINUMERIK Integrate for Production 5.1",
"version": {
"version_data": [
{
"version_value": "V5.1"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines /Remote",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines /Spindel Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyPrograms",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyResources /Programs",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyResources /Tools",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyTools",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.8",
"version": {
"version_data": [
{
"version_value": "All versions < V4.8 SP8"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.93",
"version": {
"version_data": [
{
"version_value": "All versions < V4.93 HF7"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.94",
"version": {
"version_data": [
{
"version_value": "All versions < V4.94 HF5"
}
]
}
},
{
"product_name": "SINUMERIK Optimize MyProgramming /NX-Cam Editor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
}
]
}

95
2021/31xxx/CVE-2021-31893.json
View File

@ -1,17 +1,100 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31893",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31893",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions < V9.0 SP3"
}
]
}
},
{
"product_name": "SIMATIC PDM",
"version": {
"version_data": [
{
"version_value": "All versions < V9.2"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.6 SP2 HF3"
}
]
}
},
{
"product_name": "SINAMICS STARTER (containing STEP 7 OEM version)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.4 HF2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). The affected software contains a buffer overflow vulnerability while handling certain files that could allow a local attacker to trigger a denial-of-service condition or potentially lead to remote code execution.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf"
}
]
}

95
2021/31xxx/CVE-2021-31894.json
View File

@ -1,17 +1,100 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31894",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31894",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.X",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PDM",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.7"
}
]
}
},
{
"product_name": "SINAMICS STARTER (containing STEP 7 OEM version)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions). A directory containing metafiles relevant to devices' configurations has write permissions.\nAn attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf"
}
]
}

725
2021/31xxx/CVE-2021-31895.json
View File

@ -1,17 +1,730 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31895",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-31895",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM ROS M2100",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS M2200",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS M969",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RMC",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RMC20",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RMC30",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RMC40",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RMC41",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RMC8388 V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RMC8388 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RP110",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS400",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS401",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS416",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS416v2 V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS416v2 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < 5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS8000",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS8000A",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS8000H",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS8000T",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900 (32M) V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900 (32M) V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900G",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900G (32M) V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900G (32M) V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900GP",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900L",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS900W",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS910",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS910L",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS910W",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS920L",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS920W",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS930L",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS930W",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS940G",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RS969",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2100 (32M) V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2100 (32M) V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2100 V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2100P",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2100P (32M) V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2100P (32M) V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2200",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2288 V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2288 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2300 V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2300 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2300P V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2300P V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2488 V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG2488 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG900 V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG900 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG900C",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG900G V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG900G V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG900R",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG920P V4.X",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSG920P V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RSL910",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RST2228",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RST916C",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS RST916P",
"version": {
"version_data": [
{
"version_value": "All versions < V5.5.4"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS i800",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS i801",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS i802",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
},
{
"product_name": "RUGGEDCOM ROS i803",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.7"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf"
}
]
}

75
2021/33xxx/CVE-2021-33709.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33709",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33709",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Active Workspace V4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.9"
}
]
}
},
{
"product_name": "Teamcenter Active Workspace V5.0",
"version": {
"version_data": [
{
"version_value": "All versions < V5.0.7"
}
]
}
},
{
"product_name": "Teamcenter Active Workspace V5.1",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). By sending malformed requests, a remote attacker could leak an application token due to an error not properly handled by the system.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf"
}
]
}

75
2021/33xxx/CVE-2021-33710.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33710",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33710",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Active Workspace V4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.9"
}
]
}
},
{
"product_name": "Teamcenter Active Workspace V5.0",
"version": {
"version_data": [
{
"version_value": "All versions < V5.0.7"
}
]
}
},
{
"product_name": "Teamcenter Active Workspace V5.1",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf"
}
]
}

75
2021/33xxx/CVE-2021-33711.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33711",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33711",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Teamcenter Active Workspace V4",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3.9"
}
]
}
},
{
"product_name": "Teamcenter Active Workspace V5.0",
"version": {
"version_data": [
{
"version_value": "All versions < V5.0.7"
}
]
}
},
{
"product_name": "Teamcenter Active Workspace V5.1",
"version": {
"version_data": [
{
"version_value": "All versions < V5.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). The affected application allows verbose error messages which allow leaking of sensitive information, such as full paths.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf"
}
]
}

55
2021/33xxx/CVE-2021-33713.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33713",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT Utilities",
"version": {
"version_data": [
{
"version_value": "All versions < V13.0.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-688: Function Call With Incorrect Variable or Reference as Argument"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"
}
]
}

55
2021/33xxx/CVE-2021-33714.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33714",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT Utilities",
"version": {
"version_data": [
{
"version_value": "All versions < V13.0.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"
}
]
}

55
2021/33xxx/CVE-2021-33715.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33715",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33715",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT Utilities",
"version": {
"version_data": [
{
"version_value": "All versions < V13.0.2.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf"
}
]
}

75
2021/33xxx/CVE-2021-33718.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33718",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33718",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Mendix Applications using Mendix 7",
"version": {
"version_data": [
{
"version_value": "All versions < V7.23.22"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 8",
"version": {
"version_data": [
{
"version_value": "All versions < V8.18.7"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 9",
"version": {
"version_data": [
{
"version_value": "All versions < V9.3.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22), Mendix Applications using Mendix 8 (All versions < V8.18.7), Mendix Applications using Mendix 9 (All versions < V9.3.0). Write access checks of attributes of an object could be bypassed, if user has a write permissions to the first attribute of this object.\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34291.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34291",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34291",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing GIF files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-12956)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34292.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34292",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34292",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-12959)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34293.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34293",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing GIF files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13020)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34294.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34294",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing GIF files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13023\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34295.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34295",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing GIF files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13024)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34296.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34296",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing BMP files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13057)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34297.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34297",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing BMP files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13059)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34298.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34298",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34298",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13060)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34299.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34299",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34299",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13192)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34300.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34300",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34300",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13194)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34301.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34301",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13196)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34302.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34302",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34302",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing BMP files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13197)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34303.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34303",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34303",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13198)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34304.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34304",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13199)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34305.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34305",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing GIF files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13340)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34306.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34306",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34306",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing BMP files. This could result in a memory corruption condition.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13342)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34307.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34307",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13343)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34308.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34308",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34308",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing BMP files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13344)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34309.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34309",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34309",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13350)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34310.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34310",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13351)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34311.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34311",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34311",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing J2K files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13352)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34312.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34312",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34312",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13353)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34313.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34313",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34313",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing TIFF files. This could result in an out of bounds write past the fixed-length heap-based buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13354)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34314.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34314",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34314",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing SGI files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13355)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34315.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34315",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34315",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing SGI files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13356)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34316.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34316",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34316",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when\nparsing PDF files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13380)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34317.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34317",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34317",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing PCX files. This could result in an out of bounds write past the fixed-length heap-based buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13402)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34318.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34318",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34318",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing PCT files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13403)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34319.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34319",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing SGI files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13404)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34320.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34320",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34320",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when\nparsing JT files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13406)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34321.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34321",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The VisDraw.dll library in affected applications lacks proper validation of user-supplied data when\nparsing J2K files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13414)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34322.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34322",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34322",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The JPEG2K_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing J2K files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13416)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34323.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34323",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when\nparsing JT files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13419)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34324.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34324",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34325.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34325",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-126: Buffer Over-read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when\nparsing JT files. This could result in an out of bounds read past the end of an allocated buffer.\nAn attacker could leverage this vulnerability to leak information in the context of the current process.\n(ZDI-CAN-13421)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

79
2021/34xxx/CVE-2021-34326.json
View File

@ -1,17 +1,84 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34326",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP5"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when\nparsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13422)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf"
}
]
}

79
2021/34xxx/CVE-2021-34327.json
View File

@ -1,17 +1,84 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34327",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP5"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when\nparsing ASM files. This could result in an out of bounds write past the fixed-length heap-based buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13423)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf"
}
]
}

79
2021/34xxx/CVE-2021-34328.json
View File

@ -1,17 +1,84 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34328",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP5"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when\nparsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13424)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf"
}
]
}

79
2021/34xxx/CVE-2021-34329.json
View File

@ -1,17 +1,84 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34329",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions < SE2021MP5"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when\nparsing PAR files. This could result in an out of bounds write past the fixed-length heap-based buffer.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13427)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34330.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34330",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34330",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13430)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34331.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34331",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34331",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when\nparsing JT files. This could result in an out of bounds write past the end of an allocated structure.\nAn attacker could leverage this vulnerability to execute code in the context of the current process.\n(ZDI-CAN-13442)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34332.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34332",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34332",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when\nparsing BMP files. A malformed input file could result in an infinite loop condition that leads to denial of service condition. An attacker could leverage this vulnerability to consume excessive resources.\n(CNVD-C-2021-79300)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}

65
2021/34xxx/CVE-2021-34333.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-34333",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-34333",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
},
{
"product_name": "Teamcenter Visualization",
"version": {
"version_data": [
{
"version_value": "All versions < V13.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415: Double Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295)\n"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
}
]
}