admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Siemens AD-2022-04

Browse Source
This commit is contained in:
Siemens ProductCERT 2022-04-12 10:59:50 +02:00
parent 8a38e7d652
commit c466b33afe
71 changed files with 11745 additions and 510 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
2016/8xxx/CVE-2016-8561.json
View File

@ -1,55 +1,65 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2016-8561",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "SIMATIC CP 1543-1",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "All versions < V2.0.28"
}
]
}
},
{
"product_name": "SIPLUS NET CP 1543-1",
"version": {
"version_data": [
{
"version_value": "All versions < V2.0.28"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated users to gain privileges by leveraging certain TIA-Portal access and project-data access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices."
}
]
},
"references": {
"reference_data": [
{

44
2016/8xxx/CVE-2016-8562.json
View File

@ -1,55 +1,65 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2016-8562",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "SIMATIC CP 1543-1",
"version": {
"version_data": [
{
"version_value": "n/a"
"version_value": "All versions < V2.0.28"
}
]
}
},
{
"product_name": "SIPLUS NET CP 1543-1",
"version": {
"version_data": [
{
"version_value": "All versions < V2.0.28"
}
]
}
}
]
},
"vendor_name": "n/a"
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or SNMPv1 is enabled, allows remote authenticated users to cause a denial of service by modifying SNMP variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which\nshould be read-only and should only be configured with TIA-Portal. A write to these\nvariables could reduce the availability or cause a denial-of-service."
}
]
},
"references": {
"reference_data": [
{

14
2018/4xxx/CVE-2018-4832.json
View File

@ -115,7 +115,17 @@
}
},
{
"product_name": "SIMATIC NET PC-Software",
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1 Update 14"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
@ -306,7 +316,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC-Software (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could\ncause a Denial-of-Service condition on the remote and local communication functionality of the\naffected products. A reboot of the system is required to recover the remote and local\ncommunication functionality.\n\nPlease note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known."
}
]
},

66
2019/10xxx/CVE-2019-10929.json
View File

@ -11,7 +11,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens AG",
"vendor_name": "Siemens",
"product": {
"product_data": [
{
@ -39,27 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions <= 20.8"
}
]
}
},
{
"product_name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V20.8"
}
]
}
@ -75,7 +55,17 @@
}
},
{
"product_name": "SIMATIC NET PC Software",
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1 Update 14"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
@ -89,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions <= V3.0"
"version_value": "All versions < V3.0"
}
]
}
@ -99,7 +89,7 @@
"version": {
"version_data": [
{
"version_value": "All versions <= V4.4"
"version_value": "All versions < V4.4"
}
]
}
@ -109,17 +99,7 @@
"version": {
"version_data": [
{
"version_value": "All versions <= V2.8.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant)",
"version": {
"version_data": [
{
"version_value": "All versions <= V2.8.1"
"version_value": "All versions < V2.8.1"
}
]
}
@ -129,7 +109,7 @@
"version": {
"version_data": [
{
"version_value": "All versions <= V20.8"
"version_value": "All versions < V20.8"
}
]
}
@ -159,7 +139,7 @@
"version": {
"version_data": [
{
"version_value": "All versions <= 3.15"
"version_value": "All versions < V3.16 P013"
}
]
}
@ -169,7 +149,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V16"
}
]
}
@ -179,17 +159,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V16"
}
]
}
},
{
"product_name": "TIM 1531 IRC (incl. SIPLUS variant)",
"product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V2.1"
}
]
}
@ -216,7 +196,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions <= 20.8), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC (All versions), SIMATIC ET200SP (incl. SIPLUS variants) Open Controller CPU 1515SP PC2 (All versions), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software (All versions), SIMATIC S7 PLCSIM Advanced (All versions <= V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions <= V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518-4 PN/DP and CPU 1518 MFP (and related SIPLUS variant) (All versions <= V2.8.1), SIMATIC S7-1500 Software Controller (All versions <= V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions <= 3.15), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional (All versions), TIM 1531 IRC (incl. SIPLUS variant) (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication."
"value": "A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7 PLCSIM Advanced (All versions < V3.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), excluding CPU 1518 MFP (and related SIPLUS variant) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain\nproperties in the calculation used for integrity protection.\n\nThis could allow an attacker in a Man-in-the-Middle position to modify network\ntraffic sent on port 102/tcp to the affected devices."
}
]
},

122
2019/13xxx/CVE-2019-13939.json
View File

@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions < V3.5.3"
}
]
}
@ -45,7 +45,7 @@
}
},
{
"product_name": "Desigo PXC (Power PC)",
"product_name": "Desigo PXC00-E.D",
"version": {
"version_data": [
{
@ -55,7 +55,117 @@
}
},
{
"product_name": "Desigo PXM20 (Power PC)",
"product_name": "Desigo PXC00-U",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC128-U",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXC64-U",
"version": {
"version_data": [
{
"version_value": "All versions >= V2.3x and < V6.00.327"
}
]
}
},
{
"product_name": "Desigo PXM20-E",
"version": {
"version_data": [
{
@ -119,7 +229,7 @@
"version": {
"version_data": [
{
"version_value": "All versions <= V0.3.0.95"
"version_value": "All versions < V0.3.0.330"
}
]
}
@ -129,7 +239,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V3.0"
"version_value": "All versions < V3.5.3"
}
]
}
@ -166,7 +276,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions >= V3.0), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC (Power PC) (All versions >= V2.3x and < V6.00.327), Desigo PXM20 (Power PC) (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions <= V0.3.0.95), TALON TC Series (BACnet) (All versions >= V3.0), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack."
"value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.\n\nThe vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack."
}
]
},

1132
2019/13xxx/CVE-2019-13946.json
View File

File diff suppressed because it is too large Load Diff

24
2019/19xxx/CVE-2019-19282.json
View File

@ -75,7 +75,27 @@
}
},
{
"product_name": "SIMATIC NET PC Software",
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1 Update 14"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V16",
"version": {
"version_data": [
{
@ -236,7 +256,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction."
"value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction."
}
]
},

1062
2019/19xxx/CVE-2019-19301.json
View File

File diff suppressed because it is too large Load Diff

26
2019/6xxx/CVE-2019-6575.json
View File

@ -75,11 +75,31 @@
}
},
{
"product_name": "SIMATIC NET PC Software",
"product_name": "SIMATIC NET PC Software V13",
"version": {
"version_data": [
{
"version_value": "All versions >= V7.1 < V16"
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1 Update 14"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
@ -206,7 +226,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication."
"value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp\ncould allow an unauthenticated remote attacker to cause a denial of service\ncondition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the OPC communication."
}
]
},

732
2020/28xxx/CVE-2020-28400.json
View File

@ -164,16 +164,6 @@
]
}
},
{
"product_name": "SCALANCE W-1700 IEEE 802.11ac family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE W-700 IEEE 802.11n family",
"version": {
@ -185,7 +175,67 @@
}
},
{
"product_name": "SCALANCE X200-4 P IRT",
"product_name": "SCALANCE W1748-1 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1748-1 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-1 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 EEC M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2IA M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE X200-4P IRT",
"version": {
"version_data": [
{
@ -215,7 +265,7 @@
}
},
{
"product_name": "SCALANCE X202-2 IRT",
"product_name": "SCALANCE X202-2IRT",
"version": {
"version_data": [
{
@ -225,7 +275,7 @@
}
},
{
"product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
"product_name": "SCALANCE X202-2P IRT",
"version": {
"version_data": [
{
@ -245,27 +295,7 @@
}
},
{
"product_name": "SCALANCE X204 IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X204 IRT PRO",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
"product_name": "SCALANCE X204-2",
"version": {
"version_data": [
{
@ -285,7 +315,7 @@
}
},
{
"product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
"product_name": "SCALANCE X204-2LD",
"version": {
"version_data": [
{
@ -314,6 +344,26 @@
]
}
},
{
"product_name": "SCALANCE X204IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X204IRT PRO",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X206-1",
"version": {
@ -395,11 +445,81 @@
}
},
{
"product_name": "SCALANCE X302-7EEC",
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -409,27 +529,97 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LDFE",
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2EEC",
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -439,7 +629,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -449,17 +649,37 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2 (incl. SIPLUS NET variant)",
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -469,7 +689,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -479,7 +709,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -489,7 +729,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -499,7 +749,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -509,7 +769,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -519,7 +789,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -529,7 +809,17 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -539,27 +829,47 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1FE",
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-3LDFE",
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -624,16 +934,6 @@
]
}
},
{
"product_name": "SCALANCE XF204 IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
"version": {
@ -654,6 +954,16 @@
]
}
},
{
"product_name": "SCALANCE XF204IRT",
"version": {
"version_data": [
{
"version_value": "All Versions < V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE XF206-1",
"version": {
@ -695,61 +1005,311 @@
}
},
{
"product_name": "SCALANCE XR-300WG",
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.3"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M",
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS",
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC",
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE",
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS",
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
@ -934,6 +1494,16 @@
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SOFTNET-IE PNIO",
"version": {
@ -966,7 +1536,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, RUGGEDCOM RM1224, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router, SCALANCE M816-1 ADSL-Router, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3, SCALANCE M876-3 (ROK), SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE S615, SCALANCE W-1700 IEEE 802.11ac family, SCALANCE W-700 IEEE 802.11n family, SCALANCE X200-4 P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2 IRT, SCALANCE X202-2P IRT (incl. SIPLUS NET variant), SCALANCE X202-2P IRT PRO, SCALANCE X204 IRT, SCALANCE X204 IRT PRO, SCALANCE X204-2 (incl. SIPLUS NET variant), SCALANCE X204-2FM, SCALANCE X204-2LD (incl. SIPLUS NET variant), SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X206-1, SCALANCE X206-1LD (incl. SIPLUS NET variant), SCALANCE X208 (incl. SIPLUS NET variant), SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7EEC, SCALANCE X304-2FE, SCALANCE X306-1LDFE, SCALANCE X307-2EEC, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2 (incl. SIPLUS NET variant), SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1FE, SCALANCE X320-3LDFE, SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200BA, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204 IRT, SCALANCE XF204-2 (incl. SIPLUS NET variant), SCALANCE XF204-2BA IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XM400, SCALANCE XP-200, SCALANCE XR-300WG, SCALANCE XR324-12M, SCALANCE XR324-12M TS, SCALANCE XR324-4M EEC, SCALANCE XR324-4M PoE, SCALANCE XR324-4M PoE TS, SCALANCE XR500, SIMATIC CFU PA, SIMATIC CM 1542-1, SIMATIC CP1616/CP1604, SIMATIC CP1626, SIMATIC IE/PB-LINK V3, SIMATIC MV540 H, SIMATIC MV540 S, SIMATIC MV550 H, SIMATIC MV550 S, SIMATIC MV560 U, SIMATIC MV560 X, SIMATIC NET DK-16xx PN IO, SIMATIC PROFINET Driver, SIMATIC Power Line Booster PLB, Base Module, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMOCODE proV Ethernet/IP, SIMOCODE proV PROFINET, SOFTNET-IE PNIO. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device."
"value": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device."
}
]
},

22
2020/7xxx/CVE-2020-7580.json
View File

@ -24,6 +24,26 @@
]
}
},
{
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1 Update 14"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V16",
"version": {
@ -286,7 +306,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted."
"value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted."
}
]
},

164
2021/31xxx/CVE-2021-31340.json
View File

@ -85,31 +85,181 @@
}
},
{
"product_name": "SIMATIC RF615R",
"product_name": "SIMATIC Reader RF610R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0"
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC RF680R",
"product_name": "SIMATIC Reader RF610R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0"
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC RF685R",
"product_name": "SIMATIC Reader RF610R FCC",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0"
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF615R FCC",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF650R FCC",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF680R FCC",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R ARIB",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R CMIIT",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R ETSI",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
},
{
"product_name": "SIMATIC Reader RF685R FCC",
"version": {
"version_data": [
{
"version_value": "All versions > V3.0 < V4.0"
}
]
}
@ -136,7 +286,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions), SIMATIC RF615R (All versions > V3.0), SIMATIC RF680R (All versions > V3.0), SIMATIC RF685R (All versions > V3.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
"value": "A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation."
}
]
},

20
2021/31xxx/CVE-2021-31344.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -294,22 +294,12 @@
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions < V1.0.0.0"
}
]
}
},
{
"product_name": "TALON TC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -319,7 +309,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -346,7 +336,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)"
}
]
},

10
2021/31xxx/CVE-2021-31345.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -279,7 +279,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -289,7 +289,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -316,7 +316,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)"
}
]
},

20
2021/31xxx/CVE-2021-31346.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -294,22 +294,12 @@
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions < V1.0.0.0"
}
]
}
},
{
"product_name": "TALON TC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -319,7 +309,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -346,7 +336,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
}
]
},

10
2021/31xxx/CVE-2021-31881.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -269,7 +269,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -279,7 +279,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -306,7 +306,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)"
}
]
},

10
2021/31xxx/CVE-2021-31882.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -269,7 +269,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -279,7 +279,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -306,7 +306,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)"
}
]
},

10
2021/31xxx/CVE-2021-31883.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -269,7 +269,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -279,7 +279,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -306,7 +306,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)"
}
]
},

10
2021/31xxx/CVE-2021-31884.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -269,7 +269,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -279,7 +279,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -306,7 +306,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)"
}
]
},

10
2021/31xxx/CVE-2021-31885.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -279,7 +279,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -289,7 +289,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -316,7 +316,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)"
}
]
},

10
2021/31xxx/CVE-2021-31886.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -259,7 +259,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -269,7 +269,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -296,7 +296,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)"
}
]
},

10
2021/31xxx/CVE-2021-31887.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -259,7 +259,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -269,7 +269,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -296,7 +296,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
}
]
},

10
2021/31xxx/CVE-2021-31888.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -259,7 +259,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -269,7 +269,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -296,7 +296,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)"
}
]
},

10
2021/31xxx/CVE-2021-31889.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -289,7 +289,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -299,7 +299,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -326,7 +326,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)"
}
]
},

20
2021/31xxx/CVE-2021-31890.json
View File

@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -79,7 +79,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -294,22 +294,12 @@
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions < V1.0.0.0"
}
]
}
},
{
"product_name": "TALON TC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -319,7 +309,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V3.5.4"
}
]
}
@ -346,7 +336,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)"
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)"
}
]
},

4
2021/37xxx/CVE-2021-37194.json
View File

@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V10.3.3.2.14 only if web components are used"
"version_value": "All versions < V10.3.3.3 only if web components are used"
}
]
}
@ -66,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files."
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files."
}
]
},

4
2021/37xxx/CVE-2021-37195.json
View File

@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V10.3.3.2.14 only if web components are used"
"version_value": "All versions < V10.3.3.3 only if web components are used"
}
]
}
@ -66,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment."
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment."
}
]
},

6
2021/37xxx/CVE-2021-37196.json
View File

@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V10.3.3.2.14 only if web components are used"
"version_value": "All versions < V10.3.3.3 only if web components are used"
}
]
}
@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions >= V10.3.3.2.14 only if web components are used"
"version_value": "All versions >= V10.3.3.3 only if web components are used"
}
]
}
@ -76,7 +76,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice."
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice."
}
]
},

4
2021/37xxx/CVE-2021-37197.json
View File

@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V10.3.3.2.14 only if web components are used"
"version_value": "All versions < V10.3.3.3 only if web components are used"
}
]
}
@ -66,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements."
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements."
}
]
},

4
2021/37xxx/CVE-2021-37198.json
View File

@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions < V10.3.3.2.14 only if web components are used"
"version_value": "All versions < V10.3.3.3 only if web components are used"
}
]
}
@ -66,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks."
"value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks."
}
]
},

2
2021/37xxx/CVE-2021-37209.json
View File

@ -586,7 +586,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords."
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Unencrypted storage of passwords in the client configuration files and during\nnetwork transmission could allow an attacker in a privileged position to\nobtain access passwords."
}
]
},

10
2021/40xxx/CVE-2021-40358.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V9.0 SP3 UC04"
}
]
}
@ -75,11 +75,11 @@
}
},
{
"product_name": "SIMATIC WinCC V7.4 and earlier",
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V7.4 SP1 Update 19"
}
]
}
@ -116,7 +116,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files."
}
]
},

140
2021/40xxx/CVE-2021-40359.json
View File

@ -15,7 +15,107 @@
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"product_name": "OpenPCS 7 V8.2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OpenPCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions < V9.0 Upd4"
}
]
}
},
{
"product_name": "OpenPCS 7 V9.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC BATCH V8.2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC BATCH V9.0",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC BATCH V9.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V16",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V17",
"version": {
"version_data": [
{
"version_value": "All versions < V17 SP1"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
@ -29,7 +129,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V9.0 SP3 UC04"
}
]
}
@ -44,6 +144,36 @@
]
}
},
{
"product_name": "SIMATIC Route Control V8.2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC Route Control V9.0",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC Route Control V9.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC V15 and earlier",
"version": {
@ -75,11 +205,11 @@
}
},
{
"product_name": "SIMATIC WinCC V7.4 and earlier",
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V7.4 SP1 Update 19"
}
]
}
@ -116,7 +246,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files."
"value": "A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files."
}
]
},

8
2021/40xxx/CVE-2021-40360.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
@ -75,11 +75,11 @@
}
},
{
"product_name": "SIMATIC WinCC V7.4 and earlier",
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V7.4 SP1 Update 19"
}
]
}
@ -116,7 +116,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server."
}
]
},

8
2021/40xxx/CVE-2021-40363.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
@ -85,11 +85,11 @@
}
},
{
"product_name": "SIMATIC WinCC V7.4 and earlier",
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V7.4 SP1 Update 19"
}
]
}
@ -126,7 +126,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system."
}
]
},

10
2021/40xxx/CVE-2021-40364.json
View File

@ -15,7 +15,7 @@
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2 and earlier",
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
@ -29,7 +29,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V9.0 SP3 UC04"
}
]
}
@ -75,11 +75,11 @@
}
},
{
"product_name": "SIMATIC WinCC V7.4 and earlier",
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V7.4 SP1 Update 19"
}
]
}
@ -116,7 +116,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system."
}
]
},

85
2021/40xxx/CVE-2021-40368.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-40368",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-40368",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V6.0.10"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V10.1"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions < V10.1), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). Affected devices improperly handle specially crafted packets sent to port 102/tcp.\n\nThis could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdf"
}
]
}

2
2021/42xxx/CVE-2021-42016.json
View File

@ -586,7 +586,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised."
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data.\n\nIf a threat actor were to exploit this, the data integrity and security could be compromised."
}
]
},

2
2021/42xxx/CVE-2021-42017.json
View File

@ -586,7 +586,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications."
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2.\n\nIf an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications."
}
]
},

2
2021/42xxx/CVE-2021-42018.json
View File

@ -586,7 +586,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow."
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked.\n\nTherefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow."
}
]
},

2
2021/42xxx/CVE-2021-42019.json
View File

@ -586,7 +586,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead."
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Within a third-party component, the process to allocate partition size fails to check memory boundaries.\n\nTherefore, if a large amount is requested by an attacker, due to an integer-wrap around, it could result in a small size being allocated instead."
}
]
},

2
2021/42xxx/CVE-2021-42020.json
View File

@ -586,7 +586,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application."
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The third-party component, in its TFTP functionality fails to check for null terminations in file names.\n\nIf an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application."
}
]
},

75
2021/42xxx/CVE-2021-42029.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-42029",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) V15",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 (TIA Portal) V16",
"version": {
"version_data": [
{
"version_value": "All versions < V16 Update 5"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 (TIA Portal) V17",
"version": {
"version_data": [
{
"version_value": "All versions < V17 Update 2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf"
}
]
}

6
2021/44xxx/CVE-2021-44000.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V13.2.0.7"
}
]
}
@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V13.2.0.7"
}
]
}
@ -96,7 +96,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)"
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)"
}
]
},

6
2021/44xxx/CVE-2021-44016.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V13.2.0.7"
}
]
}
@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V13.2.0.7"
}
]
}
@ -96,7 +96,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)"
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)"
}
]
},

6
2021/44xxx/CVE-2021-44018.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V13.2.0.7"
}
]
}
@ -59,7 +59,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions < V13.2.0.7"
}
]
}
@ -96,7 +96,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)"
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)"
}
]
},

16
2021/44xxx/CVE-2021-44478.json
View File

@ -15,11 +15,21 @@
"product": {
"product_data": [
{
"product_name": "Polarion Subversion Webclient",
"product_name": "Polarion ALM",
"version": {
"version_data": [
{
"version_value": "V21 R1"
"version_value": "All versions < V21 R2 P2"
}
]
}
},
{
"product_name": "Polarion WebClient for SVN",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
@ -46,7 +56,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Polarion Subversion Webclient (V21 R1). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges."
"value": "A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product.\n\nAn attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges."
}
]
},

65
2022/23xxx/CVE-2022-23448.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-23448",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23448",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC Energy Manager Basic",
"version": {
"version_data": [
{
"version_value": "All versions < V7.3 Update 1"
}
]
}
},
{
"product_name": "SIMATIC Energy Manager PRO",
"version": {
"version_data": [
{
"version_value": "All versions < V7.3 Update 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
}
]
}

65
2022/23xxx/CVE-2022-23449.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-23449",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23449",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC Energy Manager Basic",
"version": {
"version_data": [
{
"version_value": "All versions < V7.3 Update 1"
}
]
}
},
{
"product_name": "SIMATIC Energy Manager PRO",
"version": {
"version_data": [
{
"version_value": "All versions < V7.3 Update 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
}
]
}

65
2022/23xxx/CVE-2022-23450.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-23450",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC Energy Manager Basic",
"version": {
"version_data": [
{
"version_value": "All versions < V7.3 Update 1"
}
]
}
},
{
"product_name": "SIMATIC Energy Manager PRO",
"version": {
"version_data": [
{
"version_value": "All versions < V7.3 Update 1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf"
}
]
}

4
2022/24xxx/CVE-2022-24309.json
View File

@ -39,7 +39,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All deployments with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False"
}
]
}
@ -66,7 +66,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data."
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All deployments with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data."
}
]
},

165
2022/25xxx/CVE-2022-25622.json
View File

@ -1,17 +1,170 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25622",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25622",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC CFU DIQ",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC CFU PA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V2.0.0"
}
]
}
},
{
"product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions < V6.0.10"
}
]
}
},
{
"product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC TDC CP51M1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC TDC CPU555",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinAC RTX",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMIT Simulation Platform",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf"
}
]
}

85
2022/25xxx/CVE-2022-25650.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25650",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Mendix Applications using Mendix 7",
"version": {
"version_data": [
{
"version_value": "All versions < V7.23.27"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 8",
"version": {
"version_data": [
{
"version_value": "All versions < V8.18.14"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 9",
"version": {
"version_data": [
{
"version_value": "All versions < V9.12.0"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 9 (V9.6)",
"version": {
"version_data": [
{
"version_value": "All versions < V9.6.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-870917.pdf"
}
]
}

795
2022/25xxx/CVE-2022-25751.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25751",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/25xxx/CVE-2022-25752.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25752",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/25xxx/CVE-2022-25753.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25753",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/25xxx/CVE-2022-25754.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25754",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/25xxx/CVE-2022-25755.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25755",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25755",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/25xxx/CVE-2022-25756.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25756",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-25756",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are\ntricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/26xxx/CVE-2022-26334.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-26334",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26334",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/26xxx/CVE-2022-26335.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-26335",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26335",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

795
2022/26xxx/CVE-2022-26380.json
View File

@ -1,17 +1,800 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-26380",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26380",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions < V4.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}

75
2022/27xxx/CVE-2022-27194.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-27194",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27194",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS neo (Administration Console)",
"version": {
"version_data": [
{
"version_value": "All versions < V3.1 SP1"
}
]
}
},
{
"product_name": "SINETPLAN",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "TIA Portal",
"version": {
"version_data": [
{
"version_value": "V15, V15.1, V16 and V17"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf"
}
]
}

75
2022/27xxx/CVE-2022-27241.json
View File

@ -1,17 +1,80 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-27241",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Mendix Applications using Mendix 7",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 8",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Mendix Applications using Mendix 9",
"version": {
"version_data": [
{
"version_value": "All versions < V9.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure.\nThis could allow an unauthenticated remote attacker to read confidential information."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf"
}
]
}

65
2022/27xxx/CVE-2022-27480.json
View File

@ -1,17 +1,70 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-27480",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SICAM A8000 CP-8031",
"version": {
"version_data": [
{
"version_value": "All versions < V4.80"
}
]
}
},
{
"product_name": "SICAM A8000 CP-8050",
"version": {
"version_data": [
{
"version_value": "All versions < V4.80"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf"
}
]
}

85
2022/27xxx/CVE-2022-27481.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-27481",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-27481",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE W1788-1 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 EEC M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2IA M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf"
}
]
}

85
2022/28xxx/CVE-2022-28328.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-28328",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE W1788-1 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 EEC M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2IA M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf"
}
]
}

85
2022/28xxx/CVE-2022-28329.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-28329",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28329",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SCALANCE W1788-1 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 EEC M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2 M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
},
{
"product_name": "SCALANCE W1788-2IA M12",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed TCP packets received over the RemoteCapture feature. This could allow an attacker to lead to a denial of service condition which only affects the port used by the RemoteCapture feature."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf"
}
]
}

55
2022/28xxx/CVE-2022-28661.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-28661",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28661",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Simcenter Femap",
"version": {
"version_data": [
{
"version_value": "All versions < V2022.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-998762.pdf"
}
]
}

55
2022/28xxx/CVE-2022-28662.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-28662",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Simcenter Femap",
"version": {
"version_data": [
{
"version_value": "All versions < V2022.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-998762.pdf"
}
]
}

55
2022/28xxx/CVE-2022-28663.json
View File

@ -1,17 +1,60 @@
{
"data_type": "CVE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-28663",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Simcenter Femap",
"version": {
"version_data": [
{
"version_value": "All versions < V2022.1.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592)"
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-998762.pdf"
}
]
}