From cc32ad4d8fc462395bf8b6c8a76f7260efc2eaf0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 2 Jun 2022 18:01:39 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/38xxx/CVE-2021-38221.json | 61 ++++++++++++-- 2021/45xxx/CVE-2021-45981.json | 61 ++++++++++++-- 2021/45xxx/CVE-2021-45982.json | 61 ++++++++++++-- 2021/45xxx/CVE-2021-45983.json | 61 ++++++++++++-- 2022/1xxx/CVE-2022-1678.json | 16 ++++ 2022/1xxx/CVE-2022-1716.json | 55 +++++++++++- 2022/1xxx/CVE-2022-1979.json | 148 +++++++++++++++++---------------- 2022/1xxx/CVE-2022-1980.json | 148 +++++++++++++++++---------------- 2022/1xxx/CVE-2022-1982.json | 113 +++++++++++++++++++++++-- 2022/25xxx/CVE-2022-25155.json | 73 +++++++++++++++- 2022/25xxx/CVE-2022-25156.json | 67 ++++++++++++++- 2022/25xxx/CVE-2022-25157.json | 70 +++++++++++++++- 2022/25xxx/CVE-2022-25158.json | 67 ++++++++++++++- 2022/25xxx/CVE-2022-25159.json | 43 +++++++++- 2022/25xxx/CVE-2022-25160.json | 43 +++++++++- 2022/25xxx/CVE-2022-25161.json | 33 ++++++-- 2022/25xxx/CVE-2022-25162.json | 33 ++++++-- 2022/25xxx/CVE-2022-25163.json | 61 +++++++++++++- 2022/26xxx/CVE-2022-26497.json | 61 ++++++++++++-- 2022/26xxx/CVE-2022-26944.json | 61 ++++++++++++-- 2022/29xxx/CVE-2022-29597.json | 61 ++++++++++++-- 2022/29xxx/CVE-2022-29704.json | 61 ++++++++++++-- 2022/30xxx/CVE-2022-30429.json | 66 +++++++++++++-- 2022/30xxx/CVE-2022-30687.json | 128 ++++++++++++++-------------- 2022/31xxx/CVE-2022-31018.json | 2 +- 2022/32xxx/CVE-2022-32019.json | 56 +++++++++++-- 26 files changed, 1402 insertions(+), 308 deletions(-) diff --git a/2021/38xxx/CVE-2021-38221.json b/2021/38xxx/CVE-2021-38221.json index 0bc6e96ddbd..3dd23ffe84a 100644 --- a/2021/38xxx/CVE-2021-38221.json +++ b/2021/38xxx/CVE-2021-38221.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-38221", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-38221", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mlogclub/bbs-go/issues/112", + "refsource": "MISC", + "name": "https://github.com/mlogclub/bbs-go/issues/112" + }, + { + "url": "https://github.com/mlogclub/bbs-go/pull/113", + "refsource": "MISC", + "name": "https://github.com/mlogclub/bbs-go/pull/113" } ] } diff --git a/2021/45xxx/CVE-2021-45981.json b/2021/45xxx/CVE-2021-45981.json index 50a4cdbb71d..afe233c8254 100644 --- a/2021/45xxx/CVE-2021-45981.json +++ b/2021/45xxx/CVE-2021-45981.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-45981", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-45981", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.netscout.com/securityadvisories", + "url": "https://www.netscout.com/securityadvisories" + }, + { + "url": "https://netscout.com", + "refsource": "MISC", + "name": "https://netscout.com" } ] } diff --git a/2021/45xxx/CVE-2021-45982.json b/2021/45xxx/CVE-2021-45982.json index 61c0913b5f9..91067800c88 100644 --- a/2021/45xxx/CVE-2021-45982.json +++ b/2021/45xxx/CVE-2021-45982.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-45982", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-45982", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.netscout.com/securityadvisories", + "url": "https://www.netscout.com/securityadvisories" + }, + { + "url": "https://netscout.com", + "refsource": "MISC", + "name": "https://netscout.com" } ] } diff --git a/2021/45xxx/CVE-2021-45983.json b/2021/45xxx/CVE-2021-45983.json index 79e70161849..6848cf11fa2 100644 --- a/2021/45xxx/CVE-2021-45983.json +++ b/2021/45xxx/CVE-2021-45983.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-45983", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-45983", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.netscout.com/securityadvisories", + "url": "https://www.netscout.com/securityadvisories" + }, + { + "url": "https://netscout.com", + "refsource": "MISC", + "name": "https://netscout.com" } ] } diff --git a/2022/1xxx/CVE-2022-1678.json b/2022/1xxx/CVE-2022-1678.json index 9c0c57f01c9..a0d984c2b69 100644 --- a/2022/1xxx/CVE-2022-1678.json +++ b/2022/1xxx/CVE-2022-1678.json @@ -43,6 +43,22 @@ } ] }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { diff --git a/2022/1xxx/CVE-2022-1716.json b/2022/1xxx/CVE-2022-1716.json index 53365d3649e..da8cfbb8024 100644 --- a/2022/1xxx/CVE-2022-1716.json +++ b/2022/1xxx/CVE-2022-1716.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Keep My Notes", + "version": { + "version_data": [ + { + "version_value": "1.80.147" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/tyler/", + "url": "https://fluidattacks.com/advisories/tyler/" + }, + { + "refsource": "MISC", + "name": "http://www.kitetech.co/keepmynotes", + "url": "http://www.kitetech.co/keepmynotes" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker with physical access to the victim's device can bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation." } ] } diff --git a/2022/1xxx/CVE-2022-1979.json b/2022/1xxx/CVE-2022-1979.json index f13984df35d..a3b684c7d64 100644 --- a/2022/1xxx/CVE-2022-1979.json +++ b/2022/1xxx/CVE-2022-1979.json @@ -1,73 +1,77 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1979", - "TITLE": "SourceCodester Product Show Room Site p=contact cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Product Show Room Site", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Message'%20Stored%20Cross-Site%20Scripting(XSS).md", + "refsource": "MISC", + "name": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Message'%20Stored%20Cross-Site%20Scripting(XSS).md" + }, + { + "url": "https://vuldb.com/?id.200950", + "refsource": "MISC", + "name": "https://vuldb.com/?id.200950" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1980.json b/2022/1xxx/CVE-2022-1980.json index c1cc81febee..42c61f0e5f6 100644 --- a/2022/1xxx/CVE-2022-1980.json +++ b/2022/1xxx/CVE-2022-1980.json @@ -1,73 +1,77 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-1980", - "TITLE": "SourceCodester Product Show Room Site cross site scripting", - "REQUESTER": "cna@vuldb.com", - "ASSIGNER": "cna@vuldb.com", - "STATE": "PUBLIC" - }, - "generator": "vuldb.com", - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "SourceCodester", - "product": { - "product_data": [ - { - "product_name": "Product Show Room Site", - "version": { - "version_data": [ - { - "version_value": "1.0" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross Site Scripting" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file \/admin\/?page=system_info\/contact_info. The manipulation of the textbox Telephone with the input leads to cross site scripting. The attack may be initiated remotely but requires authentication. Expliot details have been disclosed to the public." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "2.4", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Telephone'%20Stored%20Cross-Site%20Scripting(XSS).md", + "refsource": "MISC", + "name": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/Product%20Show%20Room%20Site/'Telephone'%20Stored%20Cross-Site%20Scripting(XSS).md" + }, + { + "url": "https://vuldb.com/?id.200951", + "refsource": "MISC", + "name": "https://vuldb.com/?id.200951" + } + ] + } } \ No newline at end of file diff --git a/2022/1xxx/CVE-2022-1982.json b/2022/1xxx/CVE-2022-1982.json index e6b8b8d7b1a..5e8492048b0 100644 --- a/2022/1xxx/CVE-2022-1982.json +++ b/2022/1xxx/CVE-2022-1982.json @@ -1,18 +1,117 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "responsibledisclosure@mattermost.com", "ID": "CVE-2022-1982", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "A crafted SVG attachment can crash a Mattermost server" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mattermost", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "5.x", + "version_value": "5.39" + }, + { + "version_affected": "<=", + "version_name": "6.x", + "version_value": "6.3.7" + }, + { + "version_affected": "<=", + "version_name": "6.4.x", + "version_value": "6.4.2" + }, + { + "version_affected": "=", + "version_name": "6.5.x", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_name": "6.6.x", + "version_value": "6.6.0" + } + ] + } + } + ] + }, + "vendor_name": "Mattermost" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://mattermost.com/security-updates/", + "name": "https://mattermost.com/security-updates/" + } + ] + }, + "source": { + "advisory": "MMSA-2022-00104", + "defect": [ + "https://mattermost.atlassian.net/browse/MM-43392" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Configure the maximum file size for message attachments to 20 megabytes or less: https://docs.mattermost.com/configure/configuration-settings.html#maximum-file-size" + } + ] } \ No newline at end of file diff --git a/2022/25xxx/CVE-2022-25155.json b/2022/25xxx/CVE-2022-25155.json index cffaed46c65..99d8a0cc9ef 100644 --- a/2022/25xxx/CVE-2022-25155.json +++ b/2022/25xxx/CVE-2022-25155.json @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2", "version": { "version_data": [ { @@ -23,6 +23,75 @@ }, { "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions" } ] } @@ -68,7 +137,7 @@ "description_data": [ { "lang": "eng", - "value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash." + "value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash." } ] } diff --git a/2022/25xxx/CVE-2022-25156.json b/2022/25xxx/CVE-2022-25156.json index d5deb67b73a..42d1664597b 100644 --- a/2022/25xxx/CVE-2022-25156.json +++ b/2022/25xxx/CVE-2022-25156.json @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC Q series QJ72BR15; Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE); Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2", "version": { "version_data": [ { @@ -23,6 +23,69 @@ }, { "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ72BR15 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions" } ] } @@ -68,7 +131,7 @@ "description_data": [ { "lang": "eng", - "value": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash." + "value": "Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash." } ] } diff --git a/2022/25xxx/CVE-2022-25157.json b/2022/25xxx/CVE-2022-25157.json index 7c93cadb6f9..7382a22afbe 100644 --- a/2022/25xxx/CVE-2022-25157.json +++ b/2022/25xxx/CVE-2022-25157.json @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2", "version": { "version_data": [ { @@ -23,6 +23,72 @@ }, { "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions" } ] } @@ -68,7 +134,7 @@ "description_data": [ { "lang": "eng", - "value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash." + "value": "Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash." } ] } diff --git a/2022/25xxx/CVE-2022-25158.json b/2022/25xxx/CVE-2022-25158.json index f35a9d3d841..a3bed223dbb 100644 --- a/2022/25xxx/CVE-2022-25158.json +++ b/2022/25xxx/CVE-2022-25158.json @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; itsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2; Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03UDECPU; Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100; Mitsubishi Electric MELSEC L series L02/06/26CPU(-P); Mitsubishi Electric MELSEC L series L26CPU-(P)BT; Mitsubishi Electric MELSEC L series LJ71C24(-R2); Mitsubishi Electric MELSEC L series LJ71E71-100; Mitsubishi Electric MELSEC L series LJ72GF15-T2", "version": { "version_data": [ { @@ -23,6 +23,69 @@ }, { "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03UDECPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ71E71-100 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions" } ] } @@ -68,7 +131,7 @@ "description_data": [ { "lang": "eng", - "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext." + "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GF11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GP21(S)-SX all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote attacker to disclose or tamper with a file in which password hash is saved in cleartext." } ] } diff --git a/2022/25xxx/CVE-2022-25159.json b/2022/25xxx/CVE-2022-25159.json index 8f8b049d46a..6b6426da533 100644 --- a/2022/25xxx/CVE-2022-25159.json +++ b/2022/25xxx/CVE-2022-25159.json @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100", "version": { "version_data": [ { @@ -23,6 +23,45 @@ }, { "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions" } ] } @@ -68,7 +107,7 @@ "description_data": [ { "lang": "eng", - "value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack." + "value": "Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack." } ] } diff --git a/2022/25xxx/CVE-2022-25160.json b/2022/25xxx/CVE-2022-25160.json index f5f6e951d6e..c939c0eb9a1 100644 --- a/2022/25xxx/CVE-2022-25160.json +++ b/2022/25xxx/CVE-2022-25160.json @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU; Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU; Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU; Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU; Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU; Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU; Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4); Mitsubishi Electric MELSEC iQ-R series RJ71EN71; Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2; Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU; Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU; Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4); Mitsubishi Electric MELSEC Q series QJ71E71-100", "version": { "version_data": [ { @@ -23,6 +23,45 @@ }, { "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions" + }, + { + "version_value": "Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions" } ] } @@ -68,7 +107,7 @@ "description_data": [ { "lang": "eng", - "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user's system." + "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user\u2019s system." } ] } diff --git a/2022/25xxx/CVE-2022-25161.json b/2022/25xxx/CVE-2022-25161.json index 8315e002213..c910210b8b4 100644 --- a/2022/25xxx/CVE-2022-25161.json +++ b/2022/25xxx/CVE-2022-25161.json @@ -15,26 +15,38 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS)", "version": { "version_data": [ { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000" } ] } @@ -68,6 +80,11 @@ "refsource": "MISC", "name": "https://jvn.jp/vu/JVNVU95926817/index.html", "url": "https://jvn.jp/vu/JVNVU95926817/index.html" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01" } ] }, @@ -75,7 +92,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery." + "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a DoS condition for the product's program execution or communication by sending specially crafted packets. System reset of the product is required for recovery." } ] } diff --git a/2022/25xxx/CVE-2022-25162.json b/2022/25xxx/CVE-2022-25162.json index 3046944ad99..9eecfb802dc 100644 --- a/2022/25xxx/CVE-2022-25162.json +++ b/2022/25xxx/CVE-2022-25162.json @@ -15,26 +15,38 @@ "product": { "product_data": [ { - "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS)", + "product_name": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS); Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS; Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS); Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R); Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS)", "version": { "version_data": [ { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS Prior to 1.270" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270" }, { - "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) Prior to 1.030" + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000" } ] } @@ -68,6 +80,11 @@ "refsource": "MISC", "name": "https://jvn.jp/vu/JVNVU95926817/index.html", "url": "https://jvn.jp/vu/JVNVU95926817/index.html" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01" } ] }, @@ -75,7 +92,7 @@ "description_data": [ { "lang": "eng", - "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270 and Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets." + "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior and versions prior to 1.073, MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 17X**** or later and versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-xMy/z(x=32,64,96, y=T,R, z=D,DSS) with serial number 179**** and prior and versions prior to 1.073, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MT/DSS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UC-32MR/DS-TS versions prior to 1.270, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/z(x=24,40,60, y=T,R, z=ES,ESS) versions prior to 1.030, Mitsubishi Electric MELSEC iQ-F series FX5UJ-xMy/ES-A(x=24,40,60, y=T,R) versions prior to 1.031 and Mitsubishi Electric MELSEC iQ-F series FX5S-xMy/z(x=30,40,60,80, y=T,R, z=ES,ESS) version 1.000 allows a remote unauthenticated attacker to cause a temporary DoS condition for the product's communication by sending specially crafted packets." } ] } diff --git a/2022/25xxx/CVE-2022-25163.json b/2022/25xxx/CVE-2022-25163.json index 65f27a434a9..d416b770a1c 100644 --- a/2022/25xxx/CVE-2022-25163.json +++ b/2022/25xxx/CVE-2022-25163.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-25163", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100; Mitsubishi Electric MELSEC-L series LJ71E71-100; Mitsubishi Electric MELSEC iQ-R Series RD81MES96N", + "version": { + "version_data": [ + { + "version_value": "Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior" + }, + { + "version_value": "Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior" + }, + { + "version_value": "Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf", + "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-006_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU92561747/index.html", + "url": "https://jvn.jp/vu/JVNVU92561747/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number \"24061\" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number \"24061\" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version \"08\" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets." } ] } diff --git a/2022/26xxx/CVE-2022-26497.json b/2022/26xxx/CVE-2022-26497.json index ad0dccbec78..5265599a16e 100644 --- a/2022/26xxx/CVE-2022-26497.json +++ b/2022/26xxx/CVE-2022-26497.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26497", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26497", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the \"Share room access\" dialog if the victim has shared access to the particular room with the attacker previously." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/bigbluebutton/greenlight/blob/master/app/assets/javascripts/room.js#L352", + "refsource": "MISC", + "name": "https://github.com/bigbluebutton/greenlight/blob/master/app/assets/javascripts/room.js#L352" + }, + { + "refsource": "MISC", + "name": "https://www.mgm-sp.com/en/cve-2022-26497-bigbluebutton-greenlight-xss/", + "url": "https://www.mgm-sp.com/en/cve-2022-26497-bigbluebutton-greenlight-xss/" } ] } diff --git a/2022/26xxx/CVE-2022-26944.json b/2022/26xxx/CVE-2022-26944.json index 3d0d6566c00..f613dc3de57 100644 --- a/2022/26xxx/CVE-2022-26944.json +++ b/2022/26xxx/CVE-2022-26944.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-26944", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-26944", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.percona.com/browse/PXB-2722", + "refsource": "MISC", + "name": "https://jira.percona.com/browse/PXB-2722" + }, + { + "refsource": "MISC", + "name": "https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html", + "url": "https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html" } ] } diff --git a/2022/29xxx/CVE-2022-29597.json b/2022/29xxx/CVE-2022-29597.json index 3934a3c3d69..a38f2570fec 100644 --- a/2022/29xxx/CVE-2022-29597.json +++ b/2022/29xxx/CVE-2022-29597.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29597", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29597", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://solutions-atlantic.com/rrs/", + "refsource": "MISC", + "name": "https://solutions-atlantic.com/rrs/" + }, + { + "refsource": "MISC", + "name": "https://github.com/TheGetch/CVE-2022-29597", + "url": "https://github.com/TheGetch/CVE-2022-29597" } ] } diff --git a/2022/29xxx/CVE-2022-29704.json b/2022/29xxx/CVE-2022-29704.json index 19ede8c33bb..3b2b3535c08 100644 --- a/2022/29xxx/CVE-2022-29704.json +++ b/2022/29xxx/CVE-2022-29704.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-29704", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-29704", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://browsbox.com", + "refsource": "MISC", + "name": "http://browsbox.com" + }, + { + "url": "https://www.youtube.com/watch?v=ECTu2QVAl1c", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=ECTu2QVAl1c" } ] } diff --git a/2022/30xxx/CVE-2022-30429.json b/2022/30xxx/CVE-2022-30429.json index 0f8964f1b34..b9e4699acb5 100644 --- a/2022/30xxx/CVE-2022-30429.json +++ b/2022/30xxx/CVE-2022-30429.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-30429", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-30429", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://cms.com", + "refsource": "MISC", + "name": "http://cms.com" + }, + { + "url": "http://neos.com", + "refsource": "MISC", + "name": "http://neos.com" + }, + { + "refsource": "MISC", + "name": "https://www.neos.io/blog/xss-in-various-backend-modules.html", + "url": "https://www.neos.io/blog/xss-in-various-backend-modules.html" } ] } diff --git a/2022/30xxx/CVE-2022-30687.json b/2022/30xxx/CVE-2022-30687.json index 18dbb4f22b1..c5a9490d304 100644 --- a/2022/30xxx/CVE-2022-30687.json +++ b/2022/30xxx/CVE-2022-30687.json @@ -1,63 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2022-30687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Maximum Security", - "version" : { - "version_data" : [ - { - "version_value" : "2022 (17.7)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Link Following Arbitrary File Deletion" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://helpcenter.trendmicro.com/en-us/article/tmka-11017" - }, - { - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-22-789/" - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2022-30687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Maximum Security", + "version": { + "version_data": [ + { + "version_value": "2022 (17.7)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Link Following Arbitrary File Deletion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017", + "refsource": "MISC", + "name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11017" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-789/" + } + ] + } +} \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31018.json b/2022/31xxx/CVE-2022-31018.json index 9aee3f2872a..fe5805dc7fe 100644 --- a/2022/31xxx/CVE-2022-31018.json +++ b/2022/31xxx/CVE-2022-31018.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect.\n\n" + "value": "Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled\u2014as it is by default\u2014then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect." } ] }, diff --git a/2022/32xxx/CVE-2022-32019.json b/2022/32xxx/CVE-2022-32019.json index 17b840c88d7..e3edb0510c9 100644 --- a/2022/32xxx/CVE-2022-32019.json +++ b/2022/32xxx/CVE-2022-32019.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-32019", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-32019", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/RCE-1.md", + "url": "https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/RCE-1.md" } ] }