diff --git a/2018/8xxx/CVE-2018-8740.json b/2018/8xxx/CVE-2018-8740.json
index e4bd7dfe0ff..b1853bdccc6 100644
--- a/2018/8xxx/CVE-2018-8740.json
+++ b/2018/8xxx/CVE-2018-8740.json
@@ -96,6 +96,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4205-1",
 "url": "https://usn.ubuntu.com/4205-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19603.json b/2019/19xxx/CVE-2019-19603.json
index de351c0292e..f9f51c760da 100644
--- a/2019/19xxx/CVE-2019-19603.json
+++ b/2019/19xxx/CVE-2019-19603.json
@@ -71,6 +71,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19645.json b/2019/19xxx/CVE-2019-19645.json
index 792e8891b84..7ae10a85174 100644
--- a/2019/19xxx/CVE-2019-19645.json
+++ b/2019/19xxx/CVE-2019-19645.json
@@ -66,6 +66,11 @@
 "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
 "refsource": "MISC",
 "name": "https://www.oracle.com/security-alerts/cpuapr2020.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0543.json b/2020/0xxx/CVE-2020-0543.json
index 734f930af16..d319188cc56 100644
--- a/2020/0xxx/CVE-2020-0543.json
+++ b/2020/0xxx/CVE-2020-0543.json
@@ -68,6 +68,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4392-1",
 "url": "https://usn.ubuntu.com/4392-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4393-1",
+ "url": "https://usn.ubuntu.com/4393-1/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11042.json b/2020/11xxx/CVE-2020-11042.json
index 60bd7724b9b..60806568e51 100644
--- a/2020/11xxx/CVE-2020-11042.json
+++ b/2020/11xxx/CVE-2020-11042.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11045.json b/2020/11xxx/CVE-2020-11045.json
index 1a65563d063..0be19661db9 100644
--- a/2020/11xxx/CVE-2020-11045.json
+++ b/2020/11xxx/CVE-2020-11045.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11046.json b/2020/11xxx/CVE-2020-11046.json
index 4ad2f805524..990b9657985 100644
--- a/2020/11xxx/CVE-2020-11046.json
+++ b/2020/11xxx/CVE-2020-11046.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11048.json b/2020/11xxx/CVE-2020-11048.json
index 54ae6c70123..ef307ffb8d3 100644
--- a/2020/11xxx/CVE-2020-11048.json
+++ b/2020/11xxx/CVE-2020-11048.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11049.json b/2020/11xxx/CVE-2020-11049.json
index 27832562a0c..38a960fe427 100644
--- a/2020/11xxx/CVE-2020-11049.json
+++ b/2020/11xxx/CVE-2020-11049.json
@@ -93,6 +93,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11058.json b/2020/11xxx/CVE-2020-11058.json
index cc632c37488..7e4fd9aab87 100644
--- a/2020/11xxx/CVE-2020-11058.json
+++ b/2020/11xxx/CVE-2020-11058.json
@@ -88,6 +88,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11521.json b/2020/11xxx/CVE-2020-11521.json
index 360574c3a3f..5b05d7afd64 100644
--- a/2020/11xxx/CVE-2020-11521.json
+++ b/2020/11xxx/CVE-2020-11521.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11522.json b/2020/11xxx/CVE-2020-11522.json
index 5353516a9ea..65175a24ec9 100644
--- a/2020/11xxx/CVE-2020-11522.json
+++ b/2020/11xxx/CVE-2020-11522.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11523.json b/2020/11xxx/CVE-2020-11523.json
index 0240e5262cd..64c41b7bb20 100644
--- a/2020/11xxx/CVE-2020-11523.json
+++ b/2020/11xxx/CVE-2020-11523.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11525.json b/2020/11xxx/CVE-2020-11525.json
index 89d2220ef9c..855a23ffe3a 100644
--- a/2020/11xxx/CVE-2020-11525.json
+++ b/2020/11xxx/CVE-2020-11525.json
@@ -76,6 +76,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11526.json b/2020/11xxx/CVE-2020-11526.json
index 9890eaaf588..727e6c167cc 100644
--- a/2020/11xxx/CVE-2020-11526.json
+++ b/2020/11xxx/CVE-2020-11526.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11655.json b/2020/11xxx/CVE-2020-11655.json
index c613995de31..d05d2356d13 100644
--- a/2020/11xxx/CVE-2020-11655.json
+++ b/2020/11xxx/CVE-2020-11655.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2203-1] sqlite3 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12654.json b/2020/12xxx/CVE-2020-12654.json
index b961e8b9322..57c3e4488b5 100644
--- a/2020/12xxx/CVE-2020-12654.json
+++ b/2020/12xxx/CVE-2020-12654.json
@@ -106,6 +106,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4392-1",
 "url": "https://usn.ubuntu.com/4392-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4393-1",
+ "url": "https://usn.ubuntu.com/4393-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13162.json b/2020/13xxx/CVE-2020-13162.json
index 847cb21cac2..323c685d821 100644
--- a/2020/13xxx/CVE-2020-13162.json
+++ b/2020/13xxx/CVE-2020-13162.json
@@ -1,17 +1,91 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-13162",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-13162",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://kb.pulsesecure.net/?atype=sa",
+ "refsource": "MISC",
+ "name": "https://kb.pulsesecure.net/?atype=sa"
+ },
+ {
+ "url": "https://twitter.com/sepcali/status/1262551597990711296",
+ "refsource": "MISC",
+ "name": "https://twitter.com/sepcali/status/1262551597990711296"
+ },
+ {
+ "url": "https://twitter.com/sepcali/status/1262551336152948738",
+ "refsource": "MISC",
+ "name": "https://twitter.com/sepcali/status/1262551336152948738"
+ },
+ {
+ "url": "https://twitter.com/sepcali/status/1262551277940211712",
+ "refsource": "MISC",
+ "name": "https://twitter.com/sepcali/status/1262551277940211712"
+ },
+ {
+ "url": "https://twitter.com/sepcali",
+ "refsource": "MISC",
+ "name": "https://twitter.com/sepcali"
+ },
+ {
+ "url": "https://github.com/sepcali",
+ "refsource": "MISC",
+ "name": "https://github.com/sepcali"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/",
+ "url": "https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13396.json b/2020/13xxx/CVE-2020-13396.json
index 3d4e6444ef6..e8b7bf15938 100644
--- a/2020/13xxx/CVE-2020-13396.json
+++ b/2020/13xxx/CVE-2020-13396.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13397.json b/2020/13xxx/CVE-2020-13397.json
index 494fed8fbaa..f751024fa11 100644
--- a/2020/13xxx/CVE-2020-13397.json
+++ b/2020/13xxx/CVE-2020-13397.json
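Review bot: In CVE-2020-13162.json the new `affects` block sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description added in the same hunk names Pulse Secure Client for Windows and a version range (prior to 9.1.6, down to 5.3 R70), so tooling that matches on the structured fields will not find this record. Consider filling them, e.g. `"product_name": "Pulse Secure Client"` with the range in `version_value`. The `problemtype` value is also `n/a` while the text describes a time-of-check time-of-use race, which CWE-367 covers. The account is normally written `NT AUTHORITY\SYSTEM` (a backslash, escaped as `\\` in JSON) rather than `NT AUTHORITY/SYSTEM`.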
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13398.json b/2020/13xxx/CVE-2020-13398.json
index 7266bde5b5d..4612b3975d6 100644
--- a/2020/13xxx/CVE-2020-13398.json
+++ b/2020/13xxx/CVE-2020-13398.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4379-1",
 "url": "https://usn.ubuntu.com/4379-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4382-1",
+ "url": "https://usn.ubuntu.com/4382-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13434.json b/2020/13xxx/CVE-2020-13434.json
index e4230a7a9b3..1b28015f886 100644
--- a/2020/13xxx/CVE-2020-13434.json
+++ b/2020/13xxx/CVE-2020-13434.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-0477f8840e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13435.json b/2020/13xxx/CVE-2020-13435.json
index 2e231263c27..ea4318c45b5 100644
--- a/2020/13xxx/CVE-2020-13435.json
+++ b/2020/13xxx/CVE-2020-13435.json
@@ -66,6 +66,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-0477f8840e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13630.json b/2020/13xxx/CVE-2020-13630.json
index a19228adc76..cdb36eafcb0 100644
--- a/2020/13xxx/CVE-2020-13630.json
+++ b/2020/13xxx/CVE-2020-13630.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200608-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13631.json b/2020/13xxx/CVE-2020-13631.json
index c26f5cc8130..aca010d57f9 100644
--- a/2020/13xxx/CVE-2020-13631.json
+++ b/2020/13xxx/CVE-2020-13631.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200608-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13632.json b/2020/13xxx/CVE-2020-13632.json
index 61d0acf2c03..0188c68442a 100644
--- a/2020/13xxx/CVE-2020-13632.json
+++ b/2020/13xxx/CVE-2020-13632.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200608-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4394-1",
+ "url": "https://usn.ubuntu.com/4394-1/"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7492.json b/2020/7xxx/CVE-2020-7492.json
index 505642a0bfa..b08a4534e97 100644
--- a/2020/7xxx/CVE-2020-7492.json
+++ b/2020/7xxx/CVE-2020-7492.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7492",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GP-Pro EX V1.00 to V4.09.100",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "GP-Pro EX V1.00 to V4.09.100"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-521: Weak Password Requirements"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-01/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7493.json b/2020/7xxx/CVE-2020-7493.json
index bda37759922..1f324c00eed 100644
--- a/2020/7xxx/CVE-2020-7493.json
+++ b/2020/7xxx/CVE-2020-7493.json
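Review bot: In CVE-2020-7492.json the record is assigned by cybersecurity@schneider-electric.com yet carries `"vendor_name": "n/a"`, and `product_name` and `version_value` hold the same free-text string (`GP-Pro EX V1.00 to V4.09.100`), so neither the vendor nor the version range can be matched by tooling; the same pattern repeats in the hunks for CVE-2020-7493 through CVE-2020-7504. A split such as `"product_name": "GP-Pro EX"` and `"version_value": "V1.00 to V4.09.100"`, with a real vendor name in place of `n/a`, would keep the product name out of the version field. Separately, the description (the password is visible while it is typed, "not masqueraded", presumably meaning not masked) reads closer to CWE-549 Missing Password Field Masking than to the CWE-521 label used here; this is worth confirming against SEVD-2020-133-01.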
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7493",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7494.json b/2020/7xxx/CVE-2020-7494.json
index a98fd0d9e2e..90f33e3722f 100644
--- a/2020/7xxx/CVE-2020-7494.json
+++ b/2020/7xxx/CVE-2020-7494.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7494",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7495.json b/2020/7xxx/CVE-2020-7495.json
index ab4a6811176..6ed81b7d5bc 100644
--- a/2020/7xxx/CVE-2020-7495.json
+++ b/2020/7xxx/CVE-2020-7495.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7495",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7496.json b/2020/7xxx/CVE-2020-7496.json
index 85bee44305c..03177832940 100644
--- a/2020/7xxx/CVE-2020-7496.json
+++ b/2020/7xxx/CVE-2020-7496.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7496",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-88: Argument Injection or Modification"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7497.json b/2020/7xxx/CVE-2020-7497.json
index a43aa456b70..2bf852da0a5 100644
--- a/2020/7xxx/CVE-2020-7497.json
+++ b/2020/7xxx/CVE-2020-7497.json
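Review bot: The new description in CVE-2020-7496.json runs two words together at `(formerly known as Vijeo XD)which`; a space is missing before `which`, and the CVE-2020-7497 description has the same slip. The text should read `(formerly known as Vijeo XD) which could cause unauthorized write access when opening the project file.`, matching the spacing used in the CVE-2020-7493 to CVE-2020-7495 descriptions.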
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7497",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7498.json b/2020/7xxx/CVE-2020-7498.json
index 4256a4c7bc2..660d7af7620 100644
--- a/2020/7xxx/CVE-2020-7498.json
+++ b/2020/7xxx/CVE-2020-7498.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7498",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Unity Loader and OS Loader Software (All versions)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Unity Loader and OS Loader Software (All versions)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-798: Use of Hard-coded Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-02",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-02"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7499.json b/2020/7xxx/CVE-2020-7499.json
index d1a5148914a..c8066202bbc 100644
--- a/2020/7xxx/CVE-2020-7499.json
+++ b/2020/7xxx/CVE-2020-7499.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7499",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284:Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-284:Improper Access Control vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7500.json b/2020/7xxx/CVE-2020-7500.json
index 68610f74276..42540e2d4c3 100644
--- a/2020/7xxx/CVE-2020-7500.json
+++ b/2020/7xxx/CVE-2020-7500.json
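Review bot: In CVE-2020-7499.json the `problemtype` value is written `CWE-284:Improper Access Control` with no space after the colon, unlike the `CWE-NNN: Name` form used in the neighbouring records; the CVE-2020-7500 hunk has the same form and also a trailing space inside the string (`('SQL Injection') "`). Consumers that compare the string exactly or split it on `": "` to extract the CWE id may miss these two records, so `"value": "CWE-284: Improper Access Control"` would be safer. Both records also put `affected versions listed in the security notification` into `version_value`, so the record itself holds no version information and readers must open SEVD-2020-133-03 to learn what is affected.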
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7500",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "U.motion Servers and Touch Panels (affected versions listed in the security notification)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "U.motion Servers and Touch Panels (affected versions listed in the security notification)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-03/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7501.json b/2020/7xxx/CVE-2020-7501.json
index 2f0fe173b90..1e81994ee7f 100644
--- a/2020/7xxx/CVE-2020-7501.json
+++ b/2020/7xxx/CVE-2020-7501.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7501",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-798: Use of Hard-coded Credentials"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-133-02/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-133-02/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7502.json b/2020/7xxx/CVE-2020-7502.json
index 4530077bb32..3fffeadf086 100644
--- a/2020/7xxx/CVE-2020-7502.json
+++ b/2020/7xxx/CVE-2020-7502.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7502",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Modicon M218 Logic Controller (Firmware version 4.3 and prior)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Modicon M218 Logic Controller (Firmware version 4.3 and prior)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-01",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7503.json b/2020/7xxx/CVE-2020-7503.json
index a6037f02d74..7d764b44939 100644
--- a/2020/7xxx/CVE-2020-7503.json
+++ b/2020/7xxx/CVE-2020-7503.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7503",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7504.json b/2020/7xxx/CVE-2020-7504.json
index cab7eec888d..cad2af8fbd1 100644
--- a/2020/7xxx/CVE-2020-7504.json
+++ b/2020/7xxx/CVE-2020-7504.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7504",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20: Improper Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7505.json b/2020/7xxx/CVE-2020-7505.json
index 92d6eb35c3d..216a8e8c503 100644
--- a/2020/7xxx/CVE-2020-7505.json
+++ b/2020/7xxx/CVE-2020-7505.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7505",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-494 Download of Code Without Integrity Check"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7506.json b/2020/7xxx/CVE-2020-7506.json
index bc226af496e..c2fccdd7c99 100644
--- a/2020/7xxx/CVE-2020-7506.json
+++ b/2020/7xxx/CVE-2020-7506.json
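Review bot: The `problemtype` value added for CVE-2020-7505 is written `CWE-494 Download of Code Without Integrity Check`, without the colon that the other records in this commit put after the CWE number; the CVE-2020-7508 hunk does the same with `CWE-307`. A consumer that pulls the weakness id out with a `CWE-<n>:` pattern would probably miss both, so I would write `"value": "CWE-494: Download of Code Without Integrity Check"` here and the equivalent in CVE-2020-7508. The description strings of both records carry the same label and could be aligned at the same time.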
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7506",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-538: File and Directory Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7507.json b/2020/7xxx/CVE-2020-7507.json
index fcb2d09e2a0..dd4f22d75fc 100644
--- a/2020/7xxx/CVE-2020-7507.json
+++ b/2020/7xxx/CVE-2020-7507.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7507",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-400: Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7508.json b/2020/7xxx/CVE-2020-7508.json
index 94842503722..52219ce7bd4 100644
--- a/2020/7xxx/CVE-2020-7508.json
+++ b/2020/7xxx/CVE-2020-7508.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7508",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7509.json b/2020/7xxx/CVE-2020-7509.json
index 61a93cf1520..88541a92d32 100644
--- a/2020/7xxx/CVE-2020-7509.json
+++ b/2020/7xxx/CVE-2020-7509.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7509",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper privilege management (write)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7510.json b/2020/7xxx/CVE-2020-7510.json
index 258d350dea8..45b5ab72762 100644
--- a/2020/7xxx/CVE-2020-7510.json
+++ b/2020/7xxx/CVE-2020-7510.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7510",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Information Exposure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7511.json b/2020/7xxx/CVE-2020-7511.json
index 134c114aad3..00410df9fd7 100644
--- a/2020/7xxx/CVE-2020-7511.json
+++ b/2020/7xxx/CVE-2020-7511.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7511",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7512.json b/2020/7xxx/CVE-2020-7512.json
index 02bdaea72f7..fc8374257d2 100644
--- a/2020/7xxx/CVE-2020-7512.json
+++ b/2020/7xxx/CVE-2020-7512.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7512",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-1103: Use of Platform-Dependent Third Party Components"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7513.json b/2020/7xxx/CVE-2020-7513.json
index 7c36beb5cd7..4ca5cef925f 100644
--- a/2020/7xxx/CVE-2020-7513.json
+++ b/2020/7xxx/CVE-2020-7513.json
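Review bot: The description added for CVE-2020-7512 names neither the third-party component nor what an attacker gains; `which could allow an attacker to exploit the component` gives a defender nothing to triage or scope on, and `with vulnerabilities vulnerability` doubles the word. The text reads like use of a component that has known vulnerabilities, which is not obviously what the `CWE-1103` label (platform dependence) covers, so the mapping is worth confirming against the SEVD-2020-161-04 advisory. I would name the component and the impact in the description `value`, taking both from the advisory rather than from this hunk, which does not show them.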
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7513",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Easergy T300 (Firmware version 1.5.2 and older)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Easergy T300 (Firmware version 1.5.2 and older)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-312: Cleartext Storage of Sensitive Information"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-161-04"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data."
 }
 ]
 }
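Review bot: In CVE-2020-7513 the `problemtype` says `CWE-312: Cleartext Storage of Sensitive Information`, but the impact in the description is `intercept traffic and read configuration data`, which describes data exposed in transit rather than at rest. The two fields point a defender at different mitigations (protecting stored configuration versus encrypting the channel), and the visible lines do not settle which is meant. Either the description should say where the cleartext data is stored and how it is reached, or the weakness is closer to cleartext transmission (CWE-319); this needs checking against the SEVD-2020-161-04 advisory before the record is relied on.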