From cb85bd5c1eef7950ac277c176fc954cf6040a949 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 11 Jun 2021 16:00:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/12xxx/CVE-2020-12500.json | 100 +++++++++++-- 2020/12xxx/CVE-2020-12501.json | 190 +++++++++++++++++-------- 2020/12xxx/CVE-2020-12502.json | 205 +++++++++++++++++--------- 2020/12xxx/CVE-2020-12503.json | 253 +++++++++++++++++++++------------ 2020/12xxx/CVE-2020-12504.json | 205 +++++++++++++++++--------- 2020/13xxx/CVE-2020-13663.json | 4 +- 2020/13xxx/CVE-2020-13688.json | 4 +- 2021/20xxx/CVE-2021-20587.json | 4 +- 2021/20xxx/CVE-2021-20588.json | 4 +- 2021/20xxx/CVE-2021-20591.json | 55 ++++++- 2021/22xxx/CVE-2021-22175.json | 90 +++++++++++- 2021/22xxx/CVE-2021-22181.json | 85 ++++++++++- 2021/22xxx/CVE-2021-22749.json | 50 ++++++- 2021/22xxx/CVE-2021-22750.json | 50 ++++++- 2021/22xxx/CVE-2021-22751.json | 50 ++++++- 2021/22xxx/CVE-2021-22752.json | 50 ++++++- 2021/22xxx/CVE-2021-22753.json | 50 ++++++- 2021/22xxx/CVE-2021-22754.json | 50 ++++++- 2021/22xxx/CVE-2021-22755.json | 50 ++++++- 2021/22xxx/CVE-2021-22756.json | 50 ++++++- 2021/22xxx/CVE-2021-22757.json | 50 ++++++- 2021/22xxx/CVE-2021-22758.json | 50 ++++++- 2021/22xxx/CVE-2021-22759.json | 50 ++++++- 2021/22xxx/CVE-2021-22760.json | 50 ++++++- 2021/22xxx/CVE-2021-22761.json | 50 ++++++- 2021/22xxx/CVE-2021-22762.json | 50 ++++++- 2021/22xxx/CVE-2021-22763.json | 50 ++++++- 2021/22xxx/CVE-2021-22764.json | 50 ++++++- 2021/22xxx/CVE-2021-22765.json | 50 ++++++- 2021/22xxx/CVE-2021-22766.json | 50 ++++++- 2021/22xxx/CVE-2021-22767.json | 50 ++++++- 2021/22xxx/CVE-2021-22768.json | 50 ++++++- 2021/22xxx/CVE-2021-22769.json | 50 ++++++- 33 files changed, 1865 insertions(+), 384 deletions(-) diff --git a/2020/12xxx/CVE-2020-12500.json b/2020/12xxx/CVE-2020-12500.json index b1bc50413fd..de939f8122c 100644 --- a/2020/12xxx/CVE-2020-12500.json +++ b/2020/12xxx/CVE-2020-12500.json @@ -10,11 +10,9 @@ "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-10-07T13:10:00.000Z", "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products", - "AKA": "", "STATE": "PUBLIC" }, "source": { - "defect": [], "advisory": "VDE-2020-040", "discovery": "EXTERNAL" }, @@ -26,14 +24,90 @@ "product": { "product_data": [ { - "product_name": "P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT", + "product_name": "P+F Comtrol RocketLinx", "version": { "version_data": [ { - "version_name": "All", + "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT", "version_affected": "=", "version_value": "all", "platform": "" + }, + { + "version_name": "ES7510-XT", + "version_affected": "<", + "version_value": "2.1.1", + "platform": "" + }, + { + "version_name": "ES8510", + "version_affected": "<", + "version_value": "3.1.1", + "platform": "" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Korenix", + "product": { + "product_data": [ + { + "product_name": "JetNet", + "version": { + "version_data": [ + { + "version_name": "5428G-20SFP", + "version_affected": "<=", + "version_value": "V1.0", + "platform": "" + }, + { + "version_name": "5810G", + "version_affected": "<=", + "version_value": "V1.1", + "platform": "" + }, + { + "version_name": "4706F", + "version_affected": "<=", + "version_value": "V2.3b", + "platform": "" + }, + { + "version_name": "4510", + "version_affected": "<=", + "version_value": "V3.0b", + "platform": "" + }, + { + "version_name": "5310", + "version_affected": "<", + "version_value": "V1.6", + "platform": "" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Westermo", + "product": { + "product_data": [ + { + "product_name": "PMI-110-F2G", + "version": { + "version_data": [ + { + "version_name": "", + "version_affected": "<", + "version_value": "V1.8", + "platform": "" } ] } @@ -50,7 +124,7 @@ "description": [ { "lang": "eng", - "value": "CWE-285 Improper Authorization" + "value": "CWE-863 Incorrect Authorization" } ] } @@ -73,17 +147,21 @@ }, { "refsource": "FULLDISC", - "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series", - "url": "http://seclists.org/fulldisclosure/2021/Jun/0" + "url": "http://seclists.org/fulldisclosure/2021/Jun/0", + "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series" }, { "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html", - "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html" + "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html", + "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html" + }, + { + "refsource": "CONFIRM", + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/", + "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/" } ] }, - "configuration": [], "impact": { "cvss": { "version": "3.1", @@ -100,8 +178,6 @@ "baseSeverity": "CRITICAL" } }, - "exploit": [], - "work_around": [], "solution": [ { "lang": "eng", diff --git a/2020/12xxx/CVE-2020-12501.json b/2020/12xxx/CVE-2020-12501.json index 106a53ed429..44f5a5fff06 100644 --- a/2020/12xxx/CVE-2020-12501.json +++ b/2020/12xxx/CVE-2020-12501.json @@ -1,49 +1,143 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.9" - }, "CVE_data_meta": { - "ID": "CVE-2020-12501", "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-10-07T13:10:00.000Z", - "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [], - "advisory": "VDE-2020-040", - "discovery": "EXTERNAL" + "ID": "CVE-2020-12501", + "STATE": "PUBLIC", + "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products" }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "Pepperl+Fuchs", "product": { "product_data": [ { - "product_name": "P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT", + "product_name": "P+F Comtrol RocketLinx", "version": { "version_data": [ { - "version_name": "All", "version_affected": "=", - "version_value": "all", - "platform": "" + "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT", + "version_value": "all" + }, + { + "version_affected": "<", + "version_name": "ES7510-XT", + "version_value": "2.1.1" + }, + { + "version_affected": "<", + "version_name": "ES8510", + "version_value": "3.1.1" } ] } } ] - } + }, + "vendor_name": "Pepperl+Fuchs" + }, + { + "product": { + "product_data": [ + { + "product_name": "JetNet", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5428G-20SFP", + "version_value": "V1.0" + }, + { + "version_affected": "<=", + "version_name": "5810G", + "version_value": "V1.1" + }, + { + "version_affected": "<=", + "version_name": "4706F", + "version_value": "V2.3b" + }, + { + "version_affected": "<=", + "version_name": "4510", + "version_value": "V3.0b" + }, + { + "version_affected": "<", + "version_name": "5310", + "version_value": "V1.6" + } + ] + } + } + ] + }, + "vendor_name": "Korenix" + }, + { + "product": { + "product_data": [ + { + "product_name": "PMI-110-F2G", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "V1.8" + } + ] + } + } + ] + }, + "vendor_name": "Westermo" } ] } }, + "credit": [ + { + "lang": "eng", + "value": "T. Weber (SEC Consult Vulnerability Lab)" + }, + { + "lang": "eng", + "value": "Coordinated by CERT@VDE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { @@ -56,66 +150,38 @@ } ] }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts." - } - ] - }, "references": { "reference_data": [ { + "name": "https://cert.vde.com/de-de/advisories/vde-2020-040", "refsource": "CONFIRM", - "url": "https://cert.vde.com/de-de/advisories/vde-2020-040", - "name": "https://cert.vde.com/de-de/advisories/vde-2020-040" + "url": "https://cert.vde.com/de-de/advisories/vde-2020-040" }, { - "refsource": "FULLDISC", "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series", + "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jun/0" }, { - "refsource": "MISC", "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html", + "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html" + }, + { + "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/", + "refsource": "CONFIRM", + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/" } ] }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - } - }, - "exploit": [], - "work_around": [], "solution": [ { "lang": "eng", "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people." } ], - "credit": [ - { - "lang": "eng", - "value": "T. Weber (SEC Consult Vulnerability Lab)" - }, - { - "lang": "eng", - "value": "Coordinated by CERT@VDE" - } - ] + "source": { + "advisory": "VDE-2020-040", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12502.json b/2020/12xxx/CVE-2020-12502.json index db3710f38e9..2d1346a2381 100644 --- a/2020/12xxx/CVE-2020-12502.json +++ b/2020/12xxx/CVE-2020-12502.json @@ -1,39 +1,35 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.9" - }, "CVE_data_meta": { - "ID": "CVE-2020-12502", "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-10-07T13:10:00.000Z", - "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [], - "advisory": "VDE-2020-040", - "discovery": "EXTERNAL" + "ID": "CVE-2020-12502", + "STATE": "PUBLIC", + "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products" }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "Pepperl+Fuchs", "product": { "product_data": [ { - "product_name": "P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT", + "product_name": "P+F Comtrol RocketLinx", "version": { "version_data": [ { - "version_name": "All", "version_affected": "=", - "version_value": "all", - "platform": "" + "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT", + "version_value": "all" + }, + { + "version_affected": "<", + "version_name": "ES7510-XT", + "version_value": "2.1.1" + }, + { + "version_affected": "<", + "version_name": "ES8510", + "version_value": "3.1.1" } ] } @@ -43,26 +39,122 @@ "version": { "version_data": [ { - "version_name": "ICRL-M-8RJ45/4SFP-G-DIN", "version_affected": "<=", - "version_value": "1.2.3", - "platform": "" + "version_name": "ICRL-M-8RJ45/4SFP-G-DIN", + "version_value": "1.2.3" }, { - "version_name": "ICRL-M-16RJ45/4CP-G-DIN", "version_affected": "<=", - "version_value": "1.2.3", - "platform": "" + "version_name": "ICRL-M-16RJ45/4CP-G-DIN", + "version_value": "1.2.3" } ] } } ] - } + }, + "vendor_name": "Pepperl+Fuchs" + }, + { + "product": { + "product_data": [ + { + "product_name": "JetNet", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5428G-20SFP", + "version_value": "V1.0" + }, + { + "version_affected": "<=", + "version_name": "5810G", + "version_value": "V1.1" + }, + { + "version_affected": "<=", + "version_name": "4706F", + "version_value": "V2.3b" + }, + { + "version_affected": "<=", + "version_name": "4510", + "version_value": "V3.0b" + }, + { + "version_affected": "<", + "version_name": "5310", + "version_value": "V1.6" + } + ] + } + } + ] + }, + "vendor_name": "Korenix" + }, + { + "product": { + "product_data": [ + { + "product_name": "PMI-110-F2G", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "V1.8" + } + ] + } + } + ] + }, + "vendor_name": "Westermo" } ] } }, + "credit": [ + { + "lang": "eng", + "value": "T. Weber (SEC Consult Vulnerability Lab)" + }, + { + "lang": "eng", + "value": "Coordinated by CERT@VDE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { @@ -75,66 +167,43 @@ } ] }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to unauthenticated device administration." - } - ] - }, "references": { "reference_data": [ { + "name": "https://cert.vde.com/de-de/advisories/vde-2020-040", "refsource": "CONFIRM", - "url": "https://cert.vde.com/de-de/advisories/vde-2020-040", - "name": "https://cert.vde.com/de-de/advisories/vde-2020-040" + "url": "https://cert.vde.com/de-de/advisories/vde-2020-040" }, { - "refsource": "FULLDISC", "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series", + "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jun/0" }, { - "refsource": "MISC", "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html", + "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html" + }, + { + "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/", + "refsource": "CONFIRM", + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2020-053", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2020-053" } ] }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 8.8, - "baseSeverity": "HIGH" - } - }, - "exploit": [], - "work_around": [], "solution": [ { "lang": "eng", "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people." } ], - "credit": [ - { - "lang": "eng", - "value": "T. Weber (SEC Consult Vulnerability Lab)" - }, - { - "lang": "eng", - "value": "Coordinated by CERT@VDE" - } - ] + "source": { + "advisory": "VDE-2020-040", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12503.json b/2020/12xxx/CVE-2020-12503.json index 84e35462b56..89c08deb706 100644 --- a/2020/12xxx/CVE-2020-12503.json +++ b/2020/12xxx/CVE-2020-12503.json @@ -1,39 +1,35 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.9" - }, "CVE_data_meta": { - "ID": "CVE-2020-12503", "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-10-07T13:10:00.000Z", - "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [], - "advisory": "VDE-2020-040", - "discovery": "EXTERNAL" + "ID": "CVE-2020-12503", + "STATE": "PUBLIC", + "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products" }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "Pepperl+Fuchs", "product": { "product_data": [ { - "product_name": "P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT", + "product_name": "P+F Comtrol RocketLinx", "version": { "version_data": [ { - "version_name": "All", "version_affected": "=", - "version_value": "all", - "platform": "" + "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT", + "version_value": "all" + }, + { + "version_affected": "<", + "version_name": "ES7510-XT", + "version_value": "2.1.1" + }, + { + "version_affected": "<", + "version_name": "ES8510", + "version_value": "3.1.1" } ] } @@ -43,90 +39,82 @@ "version": { "version_data": [ { - "version_name": "ICRL-M-8RJ45/4SFP-G-DIN", "version_affected": "<=", - "version_value": "1.2.3", - "platform": "" + "version_name": "ICRL-M-8RJ45/4SFP-G-DIN", + "version_value": "1.2.3" }, { - "version_name": "ICRL-M-16RJ45/4CP-G-DIN", "version_affected": "<=", - "version_value": "1.2.3", - "platform": "" + "version_name": "ICRL-M-16RJ45/4CP-G-DIN", + "version_value": "1.2.3" } ] } } ] - } + }, + "vendor_name": "Pepperl+Fuchs" + }, + { + "product": { + "product_data": [ + { + "product_name": "JetNet", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5428G-20SFP", + "version_value": "V1.0" + }, + { + "version_affected": "<=", + "version_name": "5810G", + "version_value": "V1.1" + }, + { + "version_affected": "<=", + "version_name": "4706F", + "version_value": "V2.3b" + }, + { + "version_affected": "<=", + "version_name": "4510", + "version_value": "V3.0b" + }, + { + "version_affected": "<", + "version_name": "5310", + "version_value": "V1.6" + } + ] + } + } + ] + }, + "vendor_name": "Korenix" + }, + { + "product": { + "product_data": [ + { + "product_name": "PMI-110-F2G", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "V1.8" + } + ] + } + } + ] + }, + "vendor_name": "Westermo" } ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20 Improper Input Validation" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://cert.vde.com/de-de/advisories/vde-2020-040", - "name": "https://cert.vde.com/de-de/advisories/vde-2020-040" - }, - { - "refsource": "FULLDISC", - "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series", - "url": "http://seclists.org/fulldisclosure/2021/Jun/0" - }, - { - "refsource": "MISC", - "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html", - "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "HIGH", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 7.2, - "baseSeverity": "HIGH" - } - }, - "exploit": [], - "work_around": [], - "solution": [ - { - "lang": "eng", - "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people." - } - ], "credit": [ { "lang": "eng", @@ -136,5 +124,86 @@ "lang": "eng", "value": "Coordinated by CERT@VDE" } - ] + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert.vde.com/de-de/advisories/vde-2020-040", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/de-de/advisories/vde-2020-040" + }, + { + "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2021/Jun/0" + }, + { + "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html" + }, + { + "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/", + "refsource": "CONFIRM", + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2020-053", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2020-053" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "An external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people." + } + ], + "source": { + "advisory": "VDE-2020-040", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12504.json b/2020/12xxx/CVE-2020-12504.json index 74bad3291b7..1a4a55d1693 100644 --- a/2020/12xxx/CVE-2020-12504.json +++ b/2020/12xxx/CVE-2020-12504.json @@ -1,39 +1,35 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.9" - }, "CVE_data_meta": { - "ID": "CVE-2020-12504", "ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2020-10-07T13:10:00.000Z", - "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [], - "advisory": "VDE-2020-040", - "discovery": "EXTERNAL" + "ID": "CVE-2020-12504", + "STATE": "PUBLIC", + "TITLE": "Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products" }, "affects": { "vendor": { "vendor_data": [ { - "vendor_name": "Pepperl+Fuchs", "product": { "product_data": [ { - "product_name": "P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT", + "product_name": "P+F Comtrol RocketLinx", "version": { "version_data": [ { - "version_name": "All", "version_affected": "=", - "version_value": "all", - "platform": "" + "version_name": "ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510-XTE, ES9528/ES9528-XT", + "version_value": "all" + }, + { + "version_affected": "<", + "version_name": "ES7510-XT", + "version_value": "2.1.1" + }, + { + "version_affected": "<", + "version_name": "ES8510", + "version_value": "3.1.1" } ] } @@ -43,26 +39,122 @@ "version": { "version_data": [ { - "version_name": "ICRL-M-8RJ45/4SFP-G-DIN", "version_affected": "<=", - "version_value": "1.2.3", - "platform": "" + "version_name": "ICRL-M-8RJ45/4SFP-G-DIN", + "version_value": "1.2.3" }, { - "version_name": "ICRL-M-16RJ45/4CP-G-DIN", "version_affected": "<=", - "version_value": "1.2.3", - "platform": "" + "version_name": "ICRL-M-16RJ45/4CP-G-DIN", + "version_value": "1.2.3" } ] } } ] - } + }, + "vendor_name": "Pepperl+Fuchs" + }, + { + "product": { + "product_data": [ + { + "product_name": "JetNet", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5428G-20SFP", + "version_value": "V1.0" + }, + { + "version_affected": "<=", + "version_name": "5810G", + "version_value": "V1.1" + }, + { + "version_affected": "<=", + "version_name": "4706F", + "version_value": "V2.3b" + }, + { + "version_affected": "<=", + "version_name": "4510", + "version_value": "V3.0b" + }, + { + "version_affected": "<", + "version_name": "5310", + "version_value": "V1.6" + } + ] + } + } + ] + }, + "vendor_name": "Korenix" + }, + { + "product": { + "product_data": [ + { + "product_name": "PMI-110-F2G", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "V1.8" + } + ] + } + } + ] + }, + "vendor_name": "Westermo" } ] } }, + "credit": [ + { + "lang": "eng", + "value": "T. Weber (SEC Consult Vulnerability Lab)" + }, + { + "lang": "eng", + "value": "Coordinated by CERT@VDE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { @@ -75,66 +167,43 @@ } ] }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service." - } - ] - }, "references": { "reference_data": [ { + "name": "https://cert.vde.com/de-de/advisories/vde-2020-040", "refsource": "CONFIRM", - "url": "https://cert.vde.com/de-de/advisories/vde-2020-040", - "name": "https://cert.vde.com/de-de/advisories/vde-2020-040" + "url": "https://cert.vde.com/de-de/advisories/vde-2020-040" }, { - "refsource": "FULLDISC", "name": "20210601 SEC Consult SA-20210601-0 :: Multiple critical vulnerabilities in Korenix Technology JetNet Series", + "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Jun/0" }, { - "refsource": "MISC", "name": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html", + "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html" + }, + { + "name": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/", + "refsource": "CONFIRM", + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/" + }, + { + "name": "https://cert.vde.com/en-us/advisories/vde-2020-053", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/en-us/advisories/vde-2020-053" } ] }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.1", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - } - }, - "exploit": [], - "work_around": [], "solution": [ { "lang": "eng", "value": "For ICRL-M-8RJ45/4SFP-G-DIN and ICRL-M-16RJ45/4CP-G-DIN:\nUpdate to Firmware 1.3.1 and deactivate TFTP-Service.\n\nFor all other devices:\nAn external protective measure is required.\n\n1) Traffic from untrusted networks to the device should be blocked by a firewall. Especially\ntraffic targeting the administration webpage.\n\n2) Administrator and user access should be protected by a secure password and only be\navailable to a very limited group of people." } ], - "credit": [ - { - "lang": "eng", - "value": "T. Weber (SEC Consult Vulnerability Lab)" - }, - { - "lang": "eng", - "value": "Coordinated by CERT@VDE" - } - ] + "source": { + "advisory": "VDE-2020-040", + "discovery": "EXTERNAL" + } } \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13663.json b/2020/13xxx/CVE-2020-13663.json index 409074047b6..fc83ef639c9 100644 --- a/2020/13xxx/CVE-2020-13663.json +++ b/2020/13xxx/CVE-2020-13663.json @@ -51,7 +51,7 @@ "description_data": [ { "lang": "eng", - "value": "Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.\n\n" + "value": "Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities." } ] }, @@ -76,4 +76,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2020/13xxx/CVE-2020-13688.json b/2020/13xxx/CVE-2020-13688.json index fec51d905ec..eb72dce7985 100644 --- a/2020/13xxx/CVE-2020-13688.json +++ b/2020/13xxx/CVE-2020-13688.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.\nThis issue affects:\nDrupal Core\n8.8.X versions prior to 8.8.10;\n8.9.X versions prior to 8.9.6;\n9.0.X versions prior to 9.0.6." + "value": "Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6." } ] }, @@ -71,4 +71,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2021/20xxx/CVE-2021-20587.json b/2021/20xxx/CVE-2021-20587.json index 6471ac76d06..777a3d1cd20 100644 --- a/2021/20xxx/CVE-2021-20587.json +++ b/2021/20xxx/CVE-2021-20587.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions" + "version_value": "C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer versions 1.53F and prior, RT ToolBox2 all versions, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions" } ] } @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets." + "value": "Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer versions 1.53F and prior, RT ToolBox2 all versions, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets." } ] } diff --git a/2021/20xxx/CVE-2021-20588.json b/2021/20xxx/CVE-2021-20588.json index a01ddbff67e..1808c8917ef 100644 --- a/2021/20xxx/CVE-2021-20588.json +++ b/2021/20xxx/CVE-2021-20588.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions" + "version_value": "C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer versions 1.53F and prior, RT ToolBox2 all versions, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions" } ] } @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets." + "value": "Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior, Data Transfer versions 3.44W and prior, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 versions 1.24A and prior, GT Designer3 Version1(GOT1000) versions 1.250L and prior, GT Designer3 Version1(GOT2000) versions 1.250L and prior, GT SoftGOT1000 Version3 versions 3.245F and prior, GT SoftGOT2000 Version1 versions 1.250L and prior, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer versions 1.115U and prior, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, iQ Monozukuri ANDON (Data Transfer) all versions, iQ Monozukuri Process Remote Monitoring (Data Transfer) all versions, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer versions 1.53F and prior, RT ToolBox2 all versions, RT ToolBox3 versions 1.82L and prior, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets." } ] } diff --git a/2021/20xxx/CVE-2021-20591.json b/2021/20xxx/CVE-2021-20591.json index 6f1e4eab4fa..bff9bb73535 100644 --- a/2021/20xxx/CVE-2021-20591.json +++ b/2021/20xxx/CVE-2021-20591.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MELSEC iQ-R series CPU modules", + "version": { + "version_data": [ + { + "version_value": "R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-003_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU98060539/index.html", + "url": "https://jvn.jp/vu/JVNVU98060539/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all versions, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to prevent legitimate clients from connecting to the MELSOFT transmission port (TCP/IP) by not closing a connection properly, which may lead to a denial of service (DoS) condition." } ] } diff --git a/2021/22xxx/CVE-2021-22175.json b/2021/22xxx/CVE-2021-22175.json index 5f9711ff7e2..c3913ef71e2 100644 --- a/2021/22xxx/CVE-2021-22175.json +++ b/2021/22xxx/CVE-2021-22175.json @@ -4,15 +4,97 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22175", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=10.5, <13.6.7" + }, + { + "version_value": ">=13.7, <13.7.7" + }, + { + "version_value": ">=13.8, <13.8.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-side request forgery (ssrf) in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/294178", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/294178", + "refsource": "MISC" + }, + { + "name": "https://hackerone.com/reports/1059596", + "url": "https://hackerone.com/reports/1059596", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled" } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks [@myster](https://hackerone.com/myster?type=user) for reporting this vulnerability through our HackerOne bug bounty program" + } + ] } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22181.json b/2021/22xxx/CVE-2021-22181.json index 067741c6940..3ca1ab44ac3 100644 --- a/2021/22xxx/CVE-2021-22181.json +++ b/2021/22xxx/CVE-2021-22181.json @@ -4,15 +4,92 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22181", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@gitlab.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": ">=11.8, <13.10.5" + }, + { + "version_value": ">=13.11, <13.11.5" + }, + { + "version_value": ">=13.12, <13.12.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled resource consumption in GitLab" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/249100", + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/249100", + "refsource": "MISC" + }, + { + "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22181.json", + "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22181.json", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources." } ] - } + }, + "impact": { + "cvss": { + "vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1", + "baseScore": 7.7, + "baseSeverity": "HIGH" + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability has been discovered internally by the GitLab team" + } + ] } \ No newline at end of file diff --git a/2021/22xxx/CVE-2021-22749.json b/2021/22xxx/CVE-2021-22749.json index 7d0ff3e7c7f..164472a34ea 100644 --- a/2021/22xxx/CVE-2021-22749.json +++ b/2021/22xxx/CVE-2021-22749.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22749", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior", + "version": { + "version_data": [ + { + "version_value": "Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module." } ] } diff --git a/2021/22xxx/CVE-2021-22750.json b/2021/22xxx/CVE-2021-22750.json index 14941bca9ae..bd214cb9052 100644 --- a/2021/22xxx/CVE-2021-22750.json +++ b/2021/22xxx/CVE-2021-22750.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22750", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21041 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21041 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22751.json b/2021/22xxx/CVE-2021-22751.json index 19fbbec04be..6473dc24228 100644 --- a/2021/22xxx/CVE-2021-22751.json +++ b/2021/22xxx/CVE-2021-22751.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22751", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22752.json b/2021/22xxx/CVE-2021-22752.json index a7cc34ff848..62158482ef1 100644 --- a/2021/22xxx/CVE-2021-22752.json +++ b/2021/22xxx/CVE-2021-22752.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22752", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22753.json b/2021/22xxx/CVE-2021-22753.json index 46e1eef6d29..d5a9d2dd006 100644 --- a/2021/22xxx/CVE-2021-22753.json +++ b/2021/22xxx/CVE-2021-22753.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22753", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds read " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22754.json b/2021/22xxx/CVE-2021-22754.json index 679972f73d6..b262883a9a5 100644 --- a/2021/22xxx/CVE-2021-22754.json +++ b/2021/22xxx/CVE-2021-22754.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22755.json b/2021/22xxx/CVE-2021-22755.json index bfa9786dab4..284715f5d60 100644 --- a/2021/22xxx/CVE-2021-22755.json +++ b/2021/22xxx/CVE-2021-22755.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22755", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22756.json b/2021/22xxx/CVE-2021-22756.json index bc01295b869..1e12f0ba1ba 100644 --- a/2021/22xxx/CVE-2021-22756.json +++ b/2021/22xxx/CVE-2021-22756.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22756", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds read " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22757.json b/2021/22xxx/CVE-2021-22757.json index c67f78c5fa0..c93b8bb7023 100644 --- a/2021/22xxx/CVE-2021-22757.json +++ b/2021/22xxx/CVE-2021-22757.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22757", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds read " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22758.json b/2021/22xxx/CVE-2021-22758.json index ccbfefe9a2b..789ef5fe74d 100644 --- a/2021/22xxx/CVE-2021-22758.json +++ b/2021/22xxx/CVE-2021-22758.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22758", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824: Access of uninitialized pointer " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22759.json b/2021/22xxx/CVE-2021-22759.json index 046d33f94e7..514ebf67370 100644 --- a/2021/22xxx/CVE-2021-22759.json +++ b/2021/22xxx/CVE-2021-22759.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22759", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22760.json b/2021/22xxx/CVE-2021-22760.json index ae7ec2cc257..82ab996b20a 100644 --- a/2021/22xxx/CVE-2021-22760.json +++ b/2021/22xxx/CVE-2021-22760.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22760", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-763: Release of invalid pointer or reference " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22761.json b/2021/22xxx/CVE-2021-22761.json index 1a9cbdc6bf7..090304751db 100644 --- a/2021/22xxx/CVE-2021-22761.json +++ b/2021/22xxx/CVE-2021-22761.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22761", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22762.json b/2021/22xxx/CVE-2021-22762.json index f6ab203914d..9b9761f2811 100644 --- a/2021/22xxx/CVE-2021-22762.json +++ b/2021/22xxx/CVE-2021-22762.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22762", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior", + "version": { + "version_data": [ + { + "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WE-22: Improper Limitation of a Pathname to a Restricted Directory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition." } ] } diff --git a/2021/22xxx/CVE-2021-22763.json b/2021/22xxx/CVE-2021-22763.json index d98bed75a9b..3f00da3df94 100644 --- a/2021/22xxx/CVE-2021-22763.json +++ b/2021/22xxx/CVE-2021-22763.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22763", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) ", + "version": { + "version_data": [ + { + "version_value": "PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device." } ] } diff --git a/2021/22xxx/CVE-2021-22764.json b/2021/22xxx/CVE-2021-22764.json index 7e997393c68..498f671a6bd 100644 --- a/2021/22xxx/CVE-2021-22764.json +++ b/2021/22xxx/CVE-2021-22764.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22764", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version infromation) ", + "version": { + "version_data": [ + { + "version_value": "PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version infromation)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02,http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request." } ] } diff --git a/2021/22xxx/CVE-2021-22765.json b/2021/22xxx/CVE-2021-22765.json index f07b6a89c85..ac404db0187 100644 --- a/2021/22xxx/CVE-2021-22765.json +++ b/2021/22xxx/CVE-2021-22765.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22765", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)", + "version": { + "version_data": [ + { + "version_value": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet." } ] } diff --git a/2021/22xxx/CVE-2021-22766.json b/2021/22xxx/CVE-2021-22766.json index 6072c4ec39f..460bfbc37b5 100644 --- a/2021/22xxx/CVE-2021-22766.json +++ b/2021/22xxx/CVE-2021-22766.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22766", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)", + "version": { + "version_data": [ + { + "version_value": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet." } ] } diff --git a/2021/22xxx/CVE-2021-22767.json b/2021/22xxx/CVE-2021-22767.json index 97b16533b11..8a720583d28 100644 --- a/2021/22xxx/CVE-2021-22767.json +++ b/2021/22xxx/CVE-2021-22767.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22767", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)", + "version": { + "version_data": [ + { + "version_value": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22768" } ] } diff --git a/2021/22xxx/CVE-2021-22768.json b/2021/22xxx/CVE-2021-22768.json index 63c36473a86..b7be5717385 100644 --- a/2021/22xxx/CVE-2021-22768.json +++ b/2021/22xxx/CVE-2021-22768.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22768", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)", + "version": { + "version_data": [ + { + "version_value": "PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767." } ] } diff --git a/2021/22xxx/CVE-2021-22769.json b/2021/22xxx/CVE-2021-22769.json index 0e47ede1c56..a7b16978bbe 100644 --- a/2021/22xxx/CVE-2021-22769.json +++ b/2021/22xxx/CVE-2021-22769.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22769", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Enerlin\u00d5X Com\u00d5X versions prior to V6.8.4", + "version": { + "version_data": [ + { + "version_value": "Enerlin\u00d5X Com\u00d5X versions prior to V6.8.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06", + "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-06" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-269: Improper Privilege Management vulnerability exists in Enerlin\u00d5X Com\u00d5X versions prior to V6.8.4 that could cause disclosure of device configuration information to any authenticated user when a specially crafted request is sent to the device." } ] }