mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-12 02:05:39 +00:00
Siemens AD-2022-07
This commit is contained in:
Siemens ProductCERT
parent
29efaf7695
commit
cbad047912
File diff suppressed because it is too large
Load Diff
@ -19,7 +19,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V2.9.4"
|
||||
"version_value": "All versions >= V2.9.2 < V2.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -29,7 +29,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions >= V21.9 < V21.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,7 +59,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions >= V21.9 < V21.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -69,7 +69,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.0 SP1"
|
||||
"version_value": "All versions >= V4.0 < V4.0 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -106,7 +106,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations."
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -19,13 +19,53 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V2.9.4"
|
||||
"version_value": "All versions < V2.9.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC Drive Controller family",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.9.2 < V2.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V21.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V21.9 < V21.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -34,6 +74,16 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.5.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
@ -44,6 +94,16 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V2.9.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
|
||||
"version": {
|
||||
@ -59,7 +119,17 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions < V21.9"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-1500 Software Controller",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V21.9 < V21.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -69,7 +139,17 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.0 SP1"
|
||||
"version_value": "All versions < V4.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC S7-PLCSIM Advanced",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V4.0 < V4.0 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -106,7 +186,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations."
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V2.9.4"
|
||||
"version_value": "All versions >= V2.9.2 < V2.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -29,7 +29,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions >= V21.9 < V21.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -59,7 +59,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions >= V21.9 < V21.9.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -69,7 +69,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.0 SP1"
|
||||
"version_value": "All versions >= V4.0 < V4.0 SP1"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -106,7 +106,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations."
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V21.9 < V21.9.4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions >= V21.9 < V21.9.4), SIMATIC S7-PLCSIM Advanced (All versions >= V4.0 < V4.0 SP1), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -99,7 +99,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions < V16 Update 6"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -246,7 +246,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files."
|
||||
"value": "A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2021-44221",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-44221",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC eaSie Core Package",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V22.00"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20: Improper Input Validation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow an remote attacker to trigger a denial of service of the affected system."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2021-44222",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2021-44222",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC eaSie Core Package",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V22.00"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-306: Missing Authentication for Critical Function"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -284,12 +284,22 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS DCM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS G110M",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -299,7 +309,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -309,7 +319,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -334,6 +344,16 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS S110",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS S120 (incl. SIPLUS variants)",
|
||||
"version": {
|
||||
@ -364,6 +384,16 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SINAMICS V90",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions with Ethernet interface"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS HCS4200 CIM4210",
|
||||
"version": {
|
||||
@ -426,7 +456,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= 4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions), SINAMICS G110M (All versions), SINAMICS G115D (All versions), SINAMICS G120 (incl. SIPLUS variants) (All versions), SINAMICS G130 (All versions), SINAMICS G150 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions), SINAMICS S150 (All versions), SINAMICS S210 (All versions), SIPLUS HCS4200 CIM4210 (All versions), SIPLUS HCS4200 CIM4210C (All versions), SIPLUS HCS4300 CIM4310 (All versions), SIPLUS NET PN/PN Coupler (All versions >= 4.2). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
|
||||
"value": "A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= 4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions), SINAMICS DCM (All versions with Ethernet interface), SINAMICS G110M (All versions with Ethernet interface), SINAMICS G115D (All versions with Ethernet interface), SINAMICS G120 (incl. SIPLUS variants) (All versions with Ethernet interface), SINAMICS G130 (All versions), SINAMICS G150 (All versions), SINAMICS S110 (All versions with Ethernet interface), SINAMICS S120 (incl. SIPLUS variants) (All versions), SINAMICS S150 (All versions), SINAMICS S210 (All versions), SINAMICS V90 (All versions with Ethernet interface), SIPLUS HCS4200 CIM4210 (All versions), SIPLUS HCS4200 CIM4210C (All versions), SIPLUS HCS4300 CIM4310 (All versions), SIPLUS NET PN/PN Coupler (All versions >= 4.2). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.\n\nThis could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,430 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-26647",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-26647",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SCALANCE X200-4P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X200-4P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2FM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2LD TS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2TS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X206-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X206-1LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X208",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X208PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X212-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X212-2LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X216",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X224",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204-2BA IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF206-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF208",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-330: Use of Insufficiently Random Values"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,430 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-26648",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-26648",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SCALANCE X200-4P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X200-4P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2FM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2LD TS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2TS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X206-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X206-1LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X208",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X208PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X212-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X212-2LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X216",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X224",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204-2BA IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF206-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF208",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,430 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-26649",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-26649",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SCALANCE X200-4P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X200-4P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X201-3P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X202-2P IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2FM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2LD TS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204-2TS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X204IRT PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X206-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X206-1LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X208",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X208PRO",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X212-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X212-2LD",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X216",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE X224",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF201-3P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF202-2P IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204-2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204-2BA IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF204IRT",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF206-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SCALANCE XF208",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.2.6"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -49,7 +49,7 @@
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
"version_value": "All versions < V9.6.12"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -76,7 +76,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information."
|
||||
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). Applications built with an affected system publicly expose the internal project structure.\nThis could allow an unauthenticated remote attacker to read confidential information."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,160 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-29560",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-29560",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX MX5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX MX5000RE",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1400",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1500",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1501",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1510",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1511",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1512",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1524",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX1536",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROX RX5000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < 2.15.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-29884",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-29884",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < CPC80 V16.30"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < CPC80 V16.30"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "CP-8021 MASTER MODULE",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < CPC80 V16.30"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "CP-8022 MASTER MODULE WITH GPRS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < CPC80 V16.30"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-772: Missing Release of Resource after Effective Lifetime"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491621.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,100 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-30938",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-30938",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "EN100 Ethernet module DNP3 IP variant",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "EN100 Ethernet module IEC 104 variant",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "EN100 Ethernet module IEC 61850 variant",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V4.40"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "EN100 Ethernet module Modbus TCP variant",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "EN100 Ethernet module PROFINET IO variant",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865333.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,100 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-31257",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-31257",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mendix Applications using Mendix 7",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V7.23.31"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Mendix Applications using Mendix 8",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V8.18.18"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Mendix Applications using Mendix 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V9.14.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Mendix Applications using Mendix 9 (V9.12)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V9.12.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Mendix Applications using Mendix 9 (V9.6)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V9.6.12"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-284: Improper Access Control"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it\u2019s possible to change that user\u2019s password bypassing password validations within a Mendix application. This could allow to set weak passwords."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-433782.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,110 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-33137",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-33137",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC MV540 H",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV540 S",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV550 H",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV550 S",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV560 U",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV560 X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-613: Insufficient Session Expiration"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,110 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-33138",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-33138",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC MV540 H",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV540 S",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV550 H",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV550 S",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV560 U",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC MV560 X",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-306: Missing Authentication for Critical Function"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,70 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-33736",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-33736",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Opcenter Quality V13.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V13.1.20220624"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Opcenter Quality V13.2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V13.2.20220624"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-303: Incorrect Implementation of Authentication Algorithm"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34272",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34272",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-037, FG-VD-22-059)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34273",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34273",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34274",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34274",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-039)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34275",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34275",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-040)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34276",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34276",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34277",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34277",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-042)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34278",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34278",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-043)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34279",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34279",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-044)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34280",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34280",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-045)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34281",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34281",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-046)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34282",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34282",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-047)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34283",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34283",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-048)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34284",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34284",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-049)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34285",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34285",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-050)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34286",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34286",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-051)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34287",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34287",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-052, FG-VD-22-056)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34288",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34288",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-053)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34289",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34289",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-054)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34290",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34290",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34291",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34291",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PADS Standard/Plus Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-057, FG-VD-22-058, FG-VD-22-060)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34464",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34464",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SICAM GridEdge Essential ARM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SICAM GridEdge Essential Intel",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V2.7.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SICAM GridEdge Essential with GDS ARM",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SICAM GridEdge Essential with GDS Intel",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V2.7.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-225578.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,90 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34465",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34465",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Parasolid V33.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Parasolid V34.0",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V34.0.250"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Parasolid V34.1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V34.1.233"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-125: Out-of-bounds Read"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Parasolid V33.1 (All versions), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap (All versions). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-243317.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,70 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34466",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34466",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mendix Applications using Mendix 9",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V9.11 < V9.15"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Mendix Applications using Mendix 9 (V9.12)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V9.12.3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-492173.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,70 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34467",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34467",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mendix Excel Importer Module (Mendix 8 compatible)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V9.2.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Mendix Excel Importer Module (Mendix 9 compatible)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V10.1.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-610768.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,600 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34663",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34663",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS M2100",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS M2200",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS M969",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RMC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RMC20",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RMC30",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RMC40",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RMC41",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RMC8388",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RP110",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS400",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS401",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS416",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS416v2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS8000",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS8000A",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS8000H",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS8000T",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS900 (32M)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS900G",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS900G (32M)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS900GP",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS900L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS900W",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS910",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS910L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS910W",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS920L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS920W",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS930L",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS930W",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS940G",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RS969",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2100",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2100 (32M)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2100P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2200",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2288",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2300",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2300P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG2488",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG907R",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG908C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG909R",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG910C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSG920P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RSL910",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RST2228",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RST2228P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RST916C",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS RST916P",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V5.6.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS i800",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS i801",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS i802",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "RUGGEDCOM ROS i803",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Affected devices are vulnerable to a web-based code injection attack via the console.\n\nAn attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected\ndevice."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,60 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34748",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34748",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Simcenter Femap",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V2022.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-787: Out-of-bounds Write"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-474231.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,200 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34819",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34819",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC CP 1242-7 V2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-7 LTE EU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-7 LTE US",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-8 IRC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1542SP-1 IRC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1543-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.0.22"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1543SP-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET CP 1242-7 V2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET CP 1543-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.0.22"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS S7-1200 CP 1243-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS S7-1200 CP 1243-1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-122: Heap-based Buffer Overflow"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,200 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34820",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34820",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC CP 1242-7 V2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-7 LTE EU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-7 LTE US",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-8 IRC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1542SP-1 IRC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1543-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.0.22"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1543SP-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET CP 1242-7 V2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET CP 1543-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.0.22"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS S7-1200 CP 1243-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS S7-1200 CP 1243-1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,200 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "productcert@siemens.com",
|
||||
"ID": "CVE-2022-34821",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-34821",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"data_type": "CVE",
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Siemens",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "SIMATIC CP 1242-7 V2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-7 LTE EU",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-7 LTE US",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1243-8 IRC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1542SP-1 IRC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1543-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.0.22"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIMATIC CP 1543SP-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions >= V2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET CP 1242-7 V2",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS NET CP 1543-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions < V3.0.22"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS S7-1200 CP 1243-1",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "SIPLUS S7-1200 CP 1243-1 RAIL",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "All versions"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user