admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-08-09 11:00:33 +00:00
parent c38f88c1d8
commit d64e65cdbd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 200 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
2021/34xxx/CVE-2021-34600.json
View File

@ -1,15 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-01-18T11:00:00.000Z",
"ID": "CVE-2021-34600",
"STATE": "PUBLIC",
"TITLE": "Telenot complex: Insecure AES Key Generation"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)",
"cweId": "CWE-335"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Telenot Electronic GmbH",
"product": {
"product_data": [
{
@ -18,81 +41,30 @@
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "32.0"
}
]
}
}
]
},
"vendor_name": "Telenot Electronic GmbH"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "X41 D-SEC GmbH, Markus Vervier, Yasar Klawohn"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation."
"url": "https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/",
"refsource": "MISC",
"name": "https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/",
"refsource": "CONFIRM",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to CompasX versions >= 32.0\n"
}
],
"source": {
"defect": [
"CERT@VDE#64025"
@ -101,8 +73,52 @@
},
"work_around": [
{
"lang": "eng",
"value": "It is strongly recommended to raise the security level during the time window until the AES keys can be changed to securely generated ones. The complex alarm systems supports alternative authentication factors that can be combined with the Desfire NFC tag authentication. An example for such an additional factor is a requirement for a valid PIN entry on the complex alarm system in addition to a successful Desfire authentication to disarm the alarm."
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>It is strongly recommended to raise the security level during the time window until the AES keys can be changed to securely generated ones. The complex alarm systems supports alternative authentication factors that can be combined with the Desfire NFC tag authentication. An example for such an additional factor is a requirement for a valid PIN entry on the complex alarm system in addition to a successful Desfire authentication to disarm the alarm.</p>"
}
],
"value": "It is strongly recommended to raise the security level during the time window until the AES keys can be changed to securely generated ones. The complex alarm systems supports alternative authentication factors that can be combined with the Desfire NFC tag authentication. An example for such an additional factor is a requirement for a valid PIN entry on the complex alarm system in addition to a successful Desfire authentication to disarm the alarm.\n\n"
}
]
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Update to CompasX versions &gt;= 32.0</p>"
}
],
"value": "Update to CompasX versions >= 32.0\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "X41 D-SEC GmbH, Markus Vervier, Yasar Klawohn"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}

178
2022/22xxx/CVE-2022-22521.json
View File

@ -1,121 +1,135 @@
{
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-04-27T00:00:00.000Z",
"ID": "CVE-2022-22521",
"STATE": "PUBLIC",
"TITLE": "Privilege Escalation in Miele Benchmark Programming Tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Benchmark Programming Tool",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.2.71",
"version_value": "1.2.71"
}
]
}
}
]
},
"vendor_name": "Miele"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SEC Consult Vulnerability Lab identified and reported the vulnerability to Miele PSIRT."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-22521",
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin."
"value": "In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with users privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Miele",
"product": {
"product_data": [
{
"product_name": "Benchmark Programming Tool",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2.71"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm",
"url": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm",
"refsource": "MISC",
"url": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
"name": "https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
},
{
"name": "20220427 SEC Consult SA-20220427-0 :: Privilege Escalation in Miele Benchmark Programming Tool",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Apr/42"
},
{
"name": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html",
"url": "http://seclists.org/fulldisclosure/2022/Apr/42",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html"
"name": "http://seclists.org/fulldisclosure/2022/Apr/42"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-015/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-015/"
"url": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/166881/Miele-Benchmark-Programming-Tool-1.1.49-1.2.71-Privilege-Escalation.html"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-015/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2022-015/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "A new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "As a further risk-minimizing measure, the write permissions of the installation folder C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights.\n"
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>As a further risk-minimizing measure, the write permissions of the installation folder C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights.</p>"
}
],
"value": "As a further risk-minimizing measure, the write permissions of the installation folder C:\\\\Miele_Service\\\\ Miele Benchmark Programming Tool can be adjusted so that an exchange of files is only possible with administrative permissions. This is also possible without reinstalling or updating the tool. The procedure for adjusting the permissions depends on the Microsoft Windows operating system environment used and in most cases requires administrative rights.\n\n"
}
]
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>A new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm</p>"
}
],
"value": "A new version (1.2.72) of the Benchmark Programming Tool, which closes the named vulnerability, is available for download on the Miele website: https://www.miele.de/p/miele-benchmark-programming-tool-2296.htm\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "SEC Consult Vulnerability Lab identified and reported the vulnerability to Miele PSIRT."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

6
2022/4xxx/CVE-2022-4224.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
"value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-668 Exposure of Resource to Wrong Sphere",
"cweId": "CWE-668"
"value": "CWE-1188 Insecure Default Initialization of Resource",
"cweId": "CWE-1188"
}
]
}

4
2023/2xxx/CVE-2023-2760.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}

18
2023/4xxx/CVE-2023-4270.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}