mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
8c180f0e00
commit
d77406b979
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-0223",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-22731",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-22732",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32512",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-07"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32513",
|
||||
"STATE": "PUBLIC"
|
||||
@ -135,8 +135,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32514",
|
||||
"STATE": "PUBLIC"
|
||||
@ -135,8 +135,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32515",
|
||||
"STATE": "PUBLIC"
|
||||
@ -12,7 +12,7 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Conext™ ComBox",
|
||||
"product_name": "Conext\u2122 ComBox",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -36,7 +36,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)"
|
||||
"value": "A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext\u2122 ComBox (All Versions)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -74,8 +74,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32516",
|
||||
"STATE": "PUBLIC"
|
||||
@ -12,7 +12,7 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Conext™ ComBox",
|
||||
"product_name": "Conext\u2122 ComBox",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -36,7 +36,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)"
|
||||
"value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system\u2019s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext\u2122 ComBox (All Versions)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -74,8 +74,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32517",
|
||||
"STATE": "PUBLIC"
|
||||
@ -12,7 +12,7 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Conext™ ComBox",
|
||||
"product_name": "Conext\u2122 ComBox",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -36,7 +36,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)"
|
||||
"value": "A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext\u2122 ComBox (All Versions)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -74,8 +74,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32518",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32519",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32520",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32521",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_+Data_Center_Expert_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-165-04"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32522",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32523",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32524",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32525",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32526",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32527",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32528",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32529",
|
||||
"STATE": "PUBLIC"
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification_V2.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32747",
|
||||
"STATE": "PUBLIC"
|
||||
@ -12,7 +12,7 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "EcoStruxure™ Cybersecurity Admin Expert (CAE)",
|
||||
"product_name": "EcoStruxure\u2122 Cybersecurity Admin Expert (CAE)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)"
|
||||
"value": "A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure\u2122 Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cybersecurity@se.com",
|
||||
"ASSIGNER": "cybersecurity@schneider-electric.com",
|
||||
"DATE_PUBLIC": "2022-06-14T07:00:00.000Z",
|
||||
"ID": "CVE-2022-32748",
|
||||
"STATE": "PUBLIC"
|
||||
@ -12,7 +12,7 @@
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "EcoStruxure™ Cybersecurity Admin Expert (CAE)",
|
||||
"product_name": "EcoStruxure\u2122 Cybersecurity Admin Expert (CAE)",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -37,7 +37,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)"
|
||||
"value": "A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure\u2122 Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -75,8 +75,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf",
|
||||
"name": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-48175",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2022-48175",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://github.com/y1s3m0/vulnfind/blob/main/rukovoditel/rce_ajax_request.md",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/y1s3m0/vulnfind/blob/main/rukovoditel/rce_ajax_request.md"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,106 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-22389",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore\u2013>Backup Settings, which could be read by any user accessing the file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-256 Plaintext Storage of a Password",
|
||||
"cweId": "CWE-256"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Snap One",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Wattbox WB-300-IP-3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "\n\n<p>Snap One has released the following updates for the affected products: </p><ul><li>Version <a target=\"_blank\" rel=\"nofollow\" href=\"https://app.ovrc.com/#/user-settings\">WB10.B929</a> (login required) </li></ul>\n\n<br>"
|
||||
}
|
||||
],
|
||||
"value": "\nSnap One has released the following updates for the affected products: \n\n * Version WB10.B929 https://app.ovrc.com/#/user-settings \u00a0(login required) \n\n\n\n\n\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Uri Katz of Claroty Research reported these vulnerabilities to CISA. "
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "ADJACENT_NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.7,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,17 +1,106 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-23582",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-122 Heap-Based Buffer Overflow",
|
||||
"cweId": "CWE-122"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Snap One",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Wattbox WB-300-IP-3",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "0",
|
||||
"version_affected": "="
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03",
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "\n\n<p>Snap One has released the following updates for the affected products: </p><ul><li>Version <a target=\"_blank\" rel=\"nofollow\" href=\"https://app.ovrc.com/#/user-settings\">WB10.B929</a> (login required) </li></ul>\n\n<br>"
|
||||
}
|
||||
],
|
||||
"value": "\nSnap One has released the following updates for the affected products: \n\n * Version WB10.B929 https://app.ovrc.com/#/user-settings \u00a0(login required) \n\n\n\n\n\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Uri Katz of Claroty Research reported these vulnerabilities to CISA. "
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user