mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 11:06:39 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
d1459be7c1
commit
d9cbe98968
@ -56,7 +56,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain\nlog files that store login credentials in cleartext.\nIn configurations where the FTP service is enabled, authenticated remote\nattackers could extract login credentials of other users of the service.\n\n"
|
||||
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0). The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server (CCS) maintain log files that store login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -46,7 +46,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video\nServer contain a path traversal vulnerability\nthat could allow an authenticated remote attacker to access and download\narbitrary files from the server, if the FTP services are enabled.\n\n"
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -46,7 +46,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a path traversal vulnerability, that could allow an\nunauthenticated remote attacker to access and download arbitrary files from the server.\n\n"
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -46,7 +46,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests.\n\n"
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -59,4 +59,4 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -46,7 +46,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks.\n\n"
|
||||
"value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -59,4 +59,4 @@
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -66,7 +66,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a\nDenial-of-Service on port 102. A cold restart is required to recover the service.\n\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -136,7 +136,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)\n\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -106,15 +106,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.\n\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -826,7 +826,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.7), RUGGEDCOM RM1224 (All Versions < V6.4), SCALANCE M-800 (All Versions < V6.4), SCALANCE S615 (All Versions < V6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M PoE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions < V4.3), SCALANCE XC-200 (All versions < V4.3), SCALANCE XF-200BA (All versions < V4.3), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions < V4.3), SCALANCE XR-300WG (All versions < V4.3), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M PoE (All versions), SCALANCE XR324-4M PoE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions >= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.\n\n"
|
||||
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.7), RUGGEDCOM RM1224 (All Versions < V6.4), SCALANCE M-800 (All Versions < V6.4), SCALANCE S615 (All Versions < V6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M PoE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions < V4.3), SCALANCE XC-200 (All versions < V4.3), SCALANCE XF-200BA (All versions < V4.3), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions < V4.3), SCALANCE XR-300WG (All versions < V4.3), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M PoE (All versions), SCALANCE XR324-4M PoE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions >= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -67,6 +67,11 @@
|
||||
"refsource": "MISC",
|
||||
"url": "https://lists.apache.org/thread.html/r337be65e504eac52a12e89d7de40345e5d335deee9dd7288f7f59b81%40%3Cdev.servicecomb.apache.org%3E",
|
||||
"name": "https://lists.apache.org/thread.html/r337be65e504eac52a12e89d7de40345e5d335deee9dd7288f7f59b81%40%3Cdev.servicecomb.apache.org%3E"
|
||||
},
|
||||
{
|
||||
"refsource": "MLIST",
|
||||
"name": "[announce] 20210809 CVE-2021-21501: Apache ServiceComb: ServiceComb ServiceCenter Directory Traversal",
|
||||
"url": "https://lists.apache.org/thread.html/r337be65e504eac52a12e89d7de40345e5d335deee9dd7288f7f59b81@%3Cannounce.apache.org%3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -56,15 +56,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected\nsystem could lead to extensive memory being consumed and as such\ncould cause a denial-of-service preventing legitimate users from\nusing the system.\n"
|
||||
"value": "A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -156,17 +156,12 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition.\n\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
|
||||
@ -176,6 +171,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -156,24 +156,26 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side,\nwhich can potentially result in code execution.\n\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -156,17 +156,12 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side,\nwhich could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition.\n\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). A remote attacker could send specially crafted packets to SmartVNC device layout handler on client side, which could influence the amount of resources consumed and result in a Denial-of-Service (infinite loop) condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
|
||||
@ -176,6 +171,11 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -156,22 +156,12 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition.\n\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" & 15\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the device layout handler on client side, which could result in a Denial-of-Service condition."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
|
||||
@ -186,6 +176,16 @@
|
||||
"refsource": "MISC",
|
||||
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12",
|
||||
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -56,15 +56,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.\n"
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (All versions < V13.2.0.1). When parsing specially crafted CGM Files, a NULL pointer deference condition could cause the application to crash. The application must be restarted to restore the service. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -46,15 +46,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection.\n\nAn authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges.\n\n"
|
||||
"value": "A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -56,15 +56,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)\n\n"
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (All versions < V13.2.0.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13405)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -46,15 +46,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V17 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device.\n"
|
||||
"value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V17 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -46,15 +46,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file.\n"
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -46,15 +46,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13777)\n"
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13777)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -46,15 +46,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13775)\n"
|
||||
"value": "A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library lacks proper validation while parsing user-supplied OBJ files that could cause an out of bounds access to an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13775)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -96,6 +96,11 @@
|
||||
"refsource": "MLIST",
|
||||
"name": "[debian-lts-announce] 20210809 [SECURITY] [DLA 2736-1] lynx security update",
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html"
|
||||
},
|
||||
{
|
||||
"refsource": "DEBIAN",
|
||||
"name": "DSA-4953",
|
||||
"url": "https://www.debian.org/security/2021/dsa-4953"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user