From d1a14b688b19bd0a7e1a0a1a4407e1a7664c15b4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 22 Apr 2021 21:01:04 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19291.json | 2 +- 2019/19xxx/CVE-2019-19292.json | 2 +- 2019/19xxx/CVE-2019-19293.json | 2 +- 2019/19xxx/CVE-2019-19294.json | 2 +- 2019/19xxx/CVE-2019-19295.json | 2 +- 2019/19xxx/CVE-2019-19296.json | 2 +- 2019/19xxx/CVE-2019-19297.json | 2 +- 2019/19xxx/CVE-2019-19298.json | 2 +- 2019/19xxx/CVE-2019-19299.json | 2 +- 2019/6xxx/CVE-2019-6585.json | 2 +- 2020/15xxx/CVE-2020-15795.json | 7 ++++--- 2020/25xxx/CVE-2020-25243.json | 7 ++++--- 2020/25xxx/CVE-2020-25244.json | 7 ++++--- 2020/26xxx/CVE-2020-26997.json | 5 +++-- 2020/27xxx/CVE-2020-27009.json | 7 ++++--- 2020/27xxx/CVE-2020-27736.json | 12 +++++++----- 2020/27xxx/CVE-2020-27737.json | 12 +++++++----- 2020/27xxx/CVE-2020-27738.json | 12 +++++++----- 2020/28xxx/CVE-2020-28387.json | 2 +- 2020/7xxx/CVE-2020-7581.json | 2 +- 2020/7xxx/CVE-2020-7585.json | 2 +- 2020/7xxx/CVE-2020-7586.json | 2 +- 2020/7xxx/CVE-2020-7587.json | 2 +- 2020/7xxx/CVE-2020-7588.json | 2 +- 2021/25xxx/CVE-2021-25663.json | 7 ++++--- 2021/25xxx/CVE-2021-25664.json | 7 ++++--- 2021/25xxx/CVE-2021-25667.json | 2 +- 2021/25xxx/CVE-2021-25668.json | 7 ++++--- 2021/25xxx/CVE-2021-25669.json | 7 ++++--- 2021/25xxx/CVE-2021-25670.json | 7 ++++--- 2021/25xxx/CVE-2021-25676.json | 2 +- 2021/25xxx/CVE-2021-25677.json | 12 +++++++----- 2021/25xxx/CVE-2021-25678.json | 7 ++++--- 2021/27xxx/CVE-2021-27380.json | 2 +- 2021/27xxx/CVE-2021-27381.json | 2 +- 2021/27xxx/CVE-2021-27382.json | 7 ++++--- 2021/27xxx/CVE-2021-27389.json | 7 ++++--- 2021/27xxx/CVE-2021-27392.json | 7 ++++--- 2021/27xxx/CVE-2021-27393.json | 7 ++++--- 39 files changed, 107 insertions(+), 84 deletions(-) diff --git a/2019/19xxx/CVE-2019-19291.json b/2019/19xxx/CVE-2019-19291.json index bc85765ebcc..66025082d74 100644 --- a/2019/19xxx/CVE-2019-19291.json +++ b/2019/19xxx/CVE-2019-19291.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n" + "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service." } ] }, diff --git a/2019/19xxx/CVE-2019-19292.json b/2019/19xxx/CVE-2019-19292.json index 9d196b39659..28f9c79c3d4 100644 --- a/2019/19xxx/CVE-2019-19292.json +++ b/2019/19xxx/CVE-2019-19292.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection\nvulnerability in its XML-based communication protocol as provided by default\non ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nread or modify the CCS database and potentially execute administrative\ndatabase operations or operating system commands.\n" + "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands." } ] }, diff --git a/2019/19xxx/CVE-2019-19293.json b/2019/19xxx/CVE-2019-19293.json index ff9b018c853..bbfe755a850 100644 --- a/2019/19xxx/CVE-2019-19293.json +++ b/2019/19xxx/CVE-2019-19293.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a\nreflected Cross-site Scripting (XSS) vulnerability\nthat could allow an unauthenticated remote attacker to steal sensitive data\nor execute administrative actions on behalf of a legitimate administrator\nof the CCS web interface.\n" + "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface." } ] }, diff --git a/2019/19xxx/CVE-2019-19294.json b/2019/19xxx/CVE-2019-19294.json index 659ca51f1c2..8f34596ef35 100644 --- a/2019/19xxx/CVE-2019-19294.json +++ b/2019/19xxx/CVE-2019-19294.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains\nmultiple stored Cross-site Scripting (XSS) vulnerabilities in several input\nfields.\nThis could allow an authenticated remote attacker to inject malicious\nJavaScript code into the CCS web application that is later executed\nin the browser context of any other user who views the relevant CCS\nweb content.\n" + "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content." } ] }, diff --git a/2019/19xxx/CVE-2019-19295.json b/2019/19xxx/CVE-2019-19295.json index da7c41543ee..aaa8f9fc02b 100644 --- a/2019/19xxx/CVE-2019-19295.json +++ b/2019/19xxx/CVE-2019-19295.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of\nsecurity-relevant activities in its XML-based communication protocol\nas provided by default on ports 5444/tcp and 5440/tcp.\nAn authenticated remote attacker could exploit this vulnerability to\nperform covert actions that are not visible in the application log.\n" + "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log." } ] }, diff --git a/2019/19xxx/CVE-2019-19296.json b/2019/19xxx/CVE-2019-19296.json index af0d169e09a..110a4030e2d 100644 --- a/2019/19xxx/CVE-2019-19296.json +++ b/2019/19xxx/CVE-2019-19296.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download \narbitrary files from the server, if the FTP services are enabled.\n" + "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled." } ] }, diff --git a/2019/19xxx/CVE-2019-19297.json b/2019/19xxx/CVE-2019-19297.json index a4484dbbe1e..cd44eac96b0 100644 --- a/2019/19xxx/CVE-2019-19297.json +++ b/2019/19xxx/CVE-2019-19297.json @@ -46,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server.\n" + "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server." } ] }, diff --git a/2019/19xxx/CVE-2019-19298.json b/2019/19xxx/CVE-2019-19298.json index 7e98faf278c..23032fb034c 100644 --- a/2019/19xxx/CVE-2019-19298.json +++ b/2019/19xxx/CVE-2019-19298.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests.\n" + "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests." } ] }, diff --git a/2019/19xxx/CVE-2019-19299.json b/2019/19xxx/CVE-2019-19299.json index 6a3ff676f88..09019d4b7ce 100644 --- a/2019/19xxx/CVE-2019-19299.json +++ b/2019/19xxx/CVE-2019-19299.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks.\n" + "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks." } ] }, diff --git a/2019/6xxx/CVE-2019-6585.json b/2019/6xxx/CVE-2019-6585.json index 2af78a20a8b..036f9c893b0 100644 --- a/2019/6xxx/CVE-2019-6585.json +++ b/2019/6xxx/CVE-2019-6585.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow\nCross-Site Scripting (XSS) attacks if unsuspecting users are tricked into\naccessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user must\nbe logged into the web interface in order for the exploitation to succeed.\n" + "value": "A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed." } ] }, diff --git a/2020/15xxx/CVE-2020-15795.json b/2020/15xxx/CVE-2020-15795.json index 48c6062aa37..b8dbd0bb396 100644 --- a/2020/15xxx/CVE-2020-15795.json +++ b/2020/15xxx/CVE-2020-15795.json @@ -76,15 +76,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.\n" + "value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf" } ] } diff --git a/2020/25xxx/CVE-2020-25243.json b/2020/25xxx/CVE-2020-25243.json index d927b1e7783..8de6da29371 100644 --- a/2020/25xxx/CVE-2020-25243.json +++ b/2020/25xxx/CVE-2020-25243.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). A zip slip vulnerability could be triggered while importing a compromised project file\nto the affected software. Chained with other vulnerabilities this vulnerability could\nultimately lead to a system takeover by an attacker.\n" + "value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a system takeover by an attacker." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf" } ] } diff --git a/2020/25xxx/CVE-2020-25244.json b/2020/25xxx/CVE-2020-25244.json index 2a5b6b91eb2..277adf1dfc2 100644 --- a/2020/25xxx/CVE-2020-25244.json +++ b/2020/25xxx/CVE-2020-25244.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). The software insecurely loads libraries which makes it vulnerable to DLL hijacking.\nSuccessful exploitation by a local attacker could lead to a takeover of the system\nwhere the software is installed.\n" + "value": "A vulnerability has been identified in LOGO! Soft Comfort (All versions). The software insecurely loads libraries which makes it vulnerable to DLL hijacking. Successful exploitation by a local attacker could lead to a takeover of the system where the software is installed." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf" } ] } diff --git a/2020/26xxx/CVE-2020-26997.json b/2020/26xxx/CVE-2020-26997.json index 2ab9807f37c..b2df966776e 100644 --- a/2020/26xxx/CVE-2020-26997.json +++ b/2020/26xxx/CVE-2020-26997.json @@ -73,8 +73,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf" } ] } diff --git a/2020/27xxx/CVE-2020-27009.json b/2020/27xxx/CVE-2020-27009.json index 5f715294bc1..87dbdbae0a7 100644 --- a/2020/27xxx/CVE-2020-27009.json +++ b/2020/27xxx/CVE-2020-27009.json @@ -76,15 +76,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.\n" + "value": "A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf" } ] } diff --git a/2020/27xxx/CVE-2020-27736.json b/2020/27xxx/CVE-2020-27736.json index 7844ffd4829..9de10afb148 100644 --- a/2020/27xxx/CVE-2020-27736.json +++ b/2020/27xxx/CVE-2020-27736.json @@ -106,19 +106,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.\n" + "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" } ] } diff --git a/2020/27xxx/CVE-2020-27737.json b/2020/27xxx/CVE-2020-27737.json index aa81d62c286..efff3583b8d 100644 --- a/2020/27xxx/CVE-2020-27737.json +++ b/2020/27xxx/CVE-2020-27737.json @@ -106,19 +106,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.\n" + "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" } ] } diff --git a/2020/27xxx/CVE-2020-27738.json b/2020/27xxx/CVE-2020-27738.json index fb8aefd9042..4e94608f354 100644 --- a/2020/27xxx/CVE-2020-27738.json +++ b/2020/27xxx/CVE-2020-27738.json @@ -106,19 +106,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.\n" + "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" } ] } diff --git a/2020/28xxx/CVE-2020-28387.json b/2020/28xxx/CVE-2020-28387.json index fa540a782ff..f354ca60bad 100644 --- a/2020/28xxx/CVE-2020-28387.json +++ b/2020/28xxx/CVE-2020-28387.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)\n" + "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)" } ] }, diff --git a/2020/7xxx/CVE-2020-7581.json b/2020/7xxx/CVE-2020-7581.json index cedc4ac0233..f08d4b5cf0e 100644 --- a/2020/7xxx/CVE-2020-7581.json +++ b/2020/7xxx/CVE-2020-7581.json @@ -176,7 +176,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted.\n" + "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted." } ] }, diff --git a/2020/7xxx/CVE-2020-7585.json b/2020/7xxx/CVE-2020-7585.json index 19d7a8997ce..1eeff0a1b24 100644 --- a/2020/7xxx/CVE-2020-7585.json +++ b/2020/7xxx/CVE-2020-7585.json @@ -86,7 +86,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges.\n\nThe security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.\n" + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information." } ] }, diff --git a/2020/7xxx/CVE-2020-7586.json b/2020/7xxx/CVE-2020-7586.json index 16f45b584ad..a85f425a1ef 100644 --- a/2020/7xxx/CVE-2020-7586.json +++ b/2020/7xxx/CVE-2020-7586.json @@ -86,7 +86,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation.\n\nThe security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.\n" + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information." } ] }, diff --git a/2020/7xxx/CVE-2020-7587.json b/2020/7xxx/CVE-2020-7587.json index 97310ba6fa4..fff2f84f053 100644 --- a/2020/7xxx/CVE-2020-7587.json +++ b/2020/7xxx/CVE-2020-7587.json @@ -196,7 +196,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could\ncause a partial remote Denial-of-Service, that would cause the service\nto restart itself.\n\nOn some cases the vulnerability could leak random information from the\nremote service.\n" + "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service." } ] }, diff --git a/2020/7xxx/CVE-2020-7588.json b/2020/7xxx/CVE-2020-7588.json index 772d3d579ce..e5a30043d4a 100644 --- a/2020/7xxx/CVE-2020-7588.json +++ b/2020/7xxx/CVE-2020-7588.json @@ -196,7 +196,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a\npartial remote Denial-of-Service, that would cause the service to restart\nitself.\n" + "value": "A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES <= V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES <= V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself." } ] }, diff --git a/2021/25xxx/CVE-2021-25663.json b/2021/25xxx/CVE-2021-25663.json index ffbc50a790a..e7c5f1ad8d7 100644 --- a/2021/25xxx/CVE-2021-25663.json +++ b/2021/25xxx/CVE-2021-25663.json @@ -86,15 +86,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.\n" + "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25664.json b/2021/25xxx/CVE-2021-25664.json index 9f6482468f0..fe4e36b23da 100644 --- a/2021/25xxx/CVE-2021-25664.json +++ b/2021/25xxx/CVE-2021-25664.json @@ -86,15 +86,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.\n" + "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25667.json b/2021/25xxx/CVE-2021-25667.json index 03130ebe421..191531bcbc0 100644 --- a/2021/25xxx/CVE-2021-25667.json +++ b/2021/25xxx/CVE-2021-25667.json @@ -146,7 +146,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could \nallow a remote attacker to trigger a denial-of-service condition or potentially remote code execution.\n\nSuccessful exploitation requires the passive listening feature of the device to be active.\n" + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active." } ] }, diff --git a/2021/25xxx/CVE-2021-25668.json b/2021/25xxx/CVE-2021-25668.json index 07d6094d457..3042e3b6b21 100644 --- a/2021/25xxx/CVE-2021-25668.json +++ b/2021/25xxx/CVE-2021-25668.json @@ -326,15 +326,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.\n" + "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25669.json b/2021/25xxx/CVE-2021-25669.json index c9e906a953a..75f850b56ba 100644 --- a/2021/25xxx/CVE-2021-25669.json +++ b/2021/25xxx/CVE-2021-25669.json @@ -326,15 +326,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution.\n" + "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions). Incorrect processing of POST requests in the web server may write out of bounds in stack. An attacker might leverage this to denial-of-service of the device or remote code execution." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25670.json b/2021/25xxx/CVE-2021-25670.json index 2deb76400a3..5536fc37c1e 100644 --- a/2021/25xxx/CVE-2021-25670.json +++ b/2021/25xxx/CVE-2021-25670.json @@ -46,15 +46,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12608)\n" + "value": "A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12608)" } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25676.json b/2021/25xxx/CVE-2021-25676.json index 1ba7b5aed82..fc996dfdb35 100644 --- a/2021/25xxx/CVE-2021-25676.json +++ b/2021/25xxx/CVE-2021-25676.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.\n" + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically." } ] }, diff --git a/2021/25xxx/CVE-2021-25677.json b/2021/25xxx/CVE-2021-25677.json index 72117034ae9..2af44429c2a 100644 --- a/2021/25xxx/CVE-2021-25677.json +++ b/2021/25xxx/CVE-2021-25677.json @@ -116,19 +116,21 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.\n" + "value": "A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf" } ] } diff --git a/2021/25xxx/CVE-2021-25678.json b/2021/25xxx/CVE-2021-25678.json index aaaaa4a13b8..3de5f416835 100644 --- a/2021/25xxx/CVE-2021-25678.json +++ b/2021/25xxx/CVE-2021-25678.json @@ -66,15 +66,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)\n" + "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529)" } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27380.json b/2021/27xxx/CVE-2021-27380.json index 413a6e240fc..f5c0f7f6cc7 100644 --- a/2021/27xxx/CVE-2021-27380.json +++ b/2021/27xxx/CVE-2021-27380.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)\n" + "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12532)" } ] }, diff --git a/2021/27xxx/CVE-2021-27381.json b/2021/27xxx/CVE-2021-27381.json index 10c0d918e61..e9a4727ad2c 100644 --- a/2021/27xxx/CVE-2021-27381.json +++ b/2021/27xxx/CVE-2021-27381.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534)\n" + "value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12534)" } ] }, diff --git a/2021/27xxx/CVE-2021-27382.json b/2021/27xxx/CVE-2021-27382.json index f1cfad40944..3c00f2abcb7 100644 --- a/2021/27xxx/CVE-2021-27382.json +++ b/2021/27xxx/CVE-2021-27382.json @@ -66,15 +66,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)\n" + "value": "A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13040)" } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27389.json b/2021/27xxx/CVE-2021-27389.json index 9b5bfe98e7f..0500c0a7344 100644 --- a/2021/27xxx/CVE-2021-27389.json +++ b/2021/27xxx/CVE-2021-27389.json @@ -56,15 +56,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.\n" + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27392.json b/2021/27xxx/CVE-2021-27392.json index c6a9e018bc5..f61ccbb0a33 100644 --- a/2021/27xxx/CVE-2021-27392.json +++ b/2021/27xxx/CVE-2021-27392.json @@ -116,15 +116,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK.\n\nThis could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server.\n" + "value": "A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf" } ] } diff --git a/2021/27xxx/CVE-2021-27393.json b/2021/27xxx/CVE-2021-27393.json index cd09f4039b3..4913ee9d247 100644 --- a/2021/27xxx/CVE-2021-27393.json +++ b/2021/27xxx/CVE-2021-27393.json @@ -86,15 +86,16 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.\n" + "value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving." } ] }, "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf" } ] }