mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
1829638eb1
commit
da6ff33a4f
@ -1216,7 +1216,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100, RUGGEDCOM ROS M2200, RUGGEDCOM ROS M969, RUGGEDCOM ROS RMC, RUGGEDCOM ROS RMC20, RUGGEDCOM ROS RMC30, RUGGEDCOM ROS RMC30 V4.X, RUGGEDCOM ROS RMC40, RUGGEDCOM ROS RMC41, RUGGEDCOM ROS RMC8388, RUGGEDCOM ROS RMC8388 V4.X, RUGGEDCOM ROS RMC8388 V5.X, RUGGEDCOM ROS RP110, RUGGEDCOM ROS RP110 V4.X, RUGGEDCOM ROS RS1600 V4.X, RUGGEDCOM ROS RS1600F V4.X, RUGGEDCOM ROS RS1600T V4.X, RUGGEDCOM ROS RS400, RUGGEDCOM ROS RS400 V4.X, RUGGEDCOM ROS RS401, RUGGEDCOM ROS RS401 V4.X, RUGGEDCOM ROS RS416, RUGGEDCOM ROS RS416Pv2 V4.X, RUGGEDCOM ROS RS416Pv2 V5.X, RUGGEDCOM ROS RS416v2, RUGGEDCOM ROS RS416v2 V4.X, RUGGEDCOM ROS RS416v2 V5.X, RUGGEDCOM ROS RS8000, RUGGEDCOM ROS RS8000 V4.X, RUGGEDCOM ROS RS8000A, RUGGEDCOM ROS RS8000A V4.X, RUGGEDCOM ROS RS8000H, RUGGEDCOM ROS RS8000H V4.X, RUGGEDCOM ROS RS8000T, RUGGEDCOM ROS RS8000T V4.X, RUGGEDCOM ROS RS900 (32M), RUGGEDCOM ROS RS900 (32M) V4.X, RUGGEDCOM ROS RS900 (32M) V5.X, RUGGEDCOM ROS RS900 V4.X, RUGGEDCOM ROS RS900G, RUGGEDCOM ROS RS900G (32M), RUGGEDCOM ROS RS900G (32M) V4.X, RUGGEDCOM ROS RS900G (32M) V5.X, RUGGEDCOM ROS RS900G V4.X, RUGGEDCOM ROS RS900GP, RUGGEDCOM ROS RS900GP V4.X, RUGGEDCOM ROS RS900L, RUGGEDCOM ROS RS900L V4.X, RUGGEDCOM ROS RS900M V4.X, RUGGEDCOM ROS RS900W, RUGGEDCOM ROS RS900W V4.X, RUGGEDCOM ROS RS910, RUGGEDCOM ROS RS910 V4.X, RUGGEDCOM ROS RS910L, RUGGEDCOM ROS RS910L V4.X, RUGGEDCOM ROS RS910W, RUGGEDCOM ROS RS910W V4.X, RUGGEDCOM ROS RS920L, RUGGEDCOM ROS RS920L V4.X, RUGGEDCOM ROS RS920W, RUGGEDCOM ROS RS920W V4.X, RUGGEDCOM ROS RS930L, RUGGEDCOM ROS RS930L V4.X, RUGGEDCOM ROS RS930W, RUGGEDCOM ROS RS930W V4.X, RUGGEDCOM ROS RS940G, RUGGEDCOM ROS RS940G V4.X, RUGGEDCOM ROS RS969, RUGGEDCOM ROS RSG2100, RUGGEDCOM ROS RSG2100 (32M), RUGGEDCOM ROS RSG2100 (32M) V4.X, RUGGEDCOM ROS RSG2100 (32M) V5.X, RUGGEDCOM ROS RSG2100 V4.X, RUGGEDCOM ROS RSG2100P, RUGGEDCOM ROS RSG2100P V4.X, RUGGEDCOM ROS RSG2200, RUGGEDCOM ROS RSG2200 V4.X, RUGGEDCOM ROS RSG2288, RUGGEDCOM ROS RSG2288 V4.X, RUGGEDCOM ROS RSG2288 V5.X, RUGGEDCOM ROS RSG2300, RUGGEDCOM ROS RSG2300 V4.X, RUGGEDCOM ROS RSG2300 V5.X, RUGGEDCOM ROS RSG2300P, RUGGEDCOM ROS RSG2300P V4.X, RUGGEDCOM ROS RSG2300P V5.X, RUGGEDCOM ROS RSG2488, RUGGEDCOM ROS RSG2488 V4.X, RUGGEDCOM ROS RSG2488 V5.X, RUGGEDCOM ROS RSG907R, RUGGEDCOM ROS RSG907R V5.X, RUGGEDCOM ROS RSG908C, RUGGEDCOM ROS RSG908C V5.X, RUGGEDCOM ROS RSG909R, RUGGEDCOM ROS RSG909R V5.X, RUGGEDCOM ROS RSG910C, RUGGEDCOM ROS RSG910C V5.X, RUGGEDCOM ROS RSG920P, RUGGEDCOM ROS RSG920P V4.X, RUGGEDCOM ROS RSG920P V5.X, RUGGEDCOM ROS RSL910, RUGGEDCOM ROS RSL910 V5.X, RUGGEDCOM ROS RST2228, RUGGEDCOM ROS RST2228 V5.X, RUGGEDCOM ROS RST2228P, RUGGEDCOM ROS RST2228P V5.X, RUGGEDCOM ROS RST916C, RUGGEDCOM ROS RST916C V5.X, RUGGEDCOM ROS RST916P, RUGGEDCOM ROS RST916P V5.X, RUGGEDCOM ROS i800, RUGGEDCOM ROS i800 V4.X, RUGGEDCOM ROS i801, RUGGEDCOM ROS i801 V4.X, RUGGEDCOM ROS i802, RUGGEDCOM ROS i802 V4.X, RUGGEDCOM ROS i803, RUGGEDCOM ROS i803 V4.X. The SSH server on affected devices is configured to offer weak ciphers by default.\n\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device."
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM ROS M2100, RUGGEDCOM ROS M2200, RUGGEDCOM ROS M969, RUGGEDCOM ROS RMC, RUGGEDCOM ROS RMC20, RUGGEDCOM ROS RMC30, RUGGEDCOM ROS RMC30 V4.X, RUGGEDCOM ROS RMC40, RUGGEDCOM ROS RMC41, RUGGEDCOM ROS RMC8388, RUGGEDCOM ROS RMC8388 V4.X, RUGGEDCOM ROS RMC8388 V5.X, RUGGEDCOM ROS RP110, RUGGEDCOM ROS RP110 V4.X, RUGGEDCOM ROS RS1600 V4.X, RUGGEDCOM ROS RS1600F V4.X, RUGGEDCOM ROS RS1600T V4.X, RUGGEDCOM ROS RS400, RUGGEDCOM ROS RS400 V4.X, RUGGEDCOM ROS RS401, RUGGEDCOM ROS RS401 V4.X, RUGGEDCOM ROS RS416, RUGGEDCOM ROS RS416Pv2 V4.X, RUGGEDCOM ROS RS416Pv2 V5.X, RUGGEDCOM ROS RS416v2, RUGGEDCOM ROS RS416v2 V4.X, RUGGEDCOM ROS RS416v2 V5.X, RUGGEDCOM ROS RS8000, RUGGEDCOM ROS RS8000 V4.X, RUGGEDCOM ROS RS8000A, RUGGEDCOM ROS RS8000A V4.X, RUGGEDCOM ROS RS8000H, RUGGEDCOM ROS RS8000H V4.X, RUGGEDCOM ROS RS8000T, RUGGEDCOM ROS RS8000T V4.X, RUGGEDCOM ROS RS900 (32M), RUGGEDCOM ROS RS900 (32M) V4.X, RUGGEDCOM ROS RS900 (32M) V5.X, RUGGEDCOM ROS RS900 V4.X, RUGGEDCOM ROS RS900G, RUGGEDCOM ROS RS900G (32M), RUGGEDCOM ROS RS900G (32M) V4.X, RUGGEDCOM ROS RS900G (32M) V5.X, RUGGEDCOM ROS RS900G V4.X, RUGGEDCOM ROS RS900GP, RUGGEDCOM ROS RS900GP V4.X, RUGGEDCOM ROS RS900L, RUGGEDCOM ROS RS900L V4.X, RUGGEDCOM ROS RS900M V4.X, RUGGEDCOM ROS RS900W, RUGGEDCOM ROS RS900W V4.X, RUGGEDCOM ROS RS910, RUGGEDCOM ROS RS910 V4.X, RUGGEDCOM ROS RS910L, RUGGEDCOM ROS RS910L V4.X, RUGGEDCOM ROS RS910W, RUGGEDCOM ROS RS910W V4.X, RUGGEDCOM ROS RS920L, RUGGEDCOM ROS RS920L V4.X, RUGGEDCOM ROS RS920W, RUGGEDCOM ROS RS920W V4.X, RUGGEDCOM ROS RS930L, RUGGEDCOM ROS RS930L V4.X, RUGGEDCOM ROS RS930W, RUGGEDCOM ROS RS930W V4.X, RUGGEDCOM ROS RS940G, RUGGEDCOM ROS RS940G V4.X, RUGGEDCOM ROS RS969, RUGGEDCOM ROS RSG2100, RUGGEDCOM ROS RSG2100 (32M), RUGGEDCOM ROS RSG2100 (32M) V4.X, RUGGEDCOM ROS RSG2100 (32M) V5.X, RUGGEDCOM ROS RSG2100 V4.X, RUGGEDCOM ROS RSG2100P, RUGGEDCOM ROS RSG2100P V4.X, RUGGEDCOM ROS RSG2200, RUGGEDCOM ROS RSG2200 V4.X, RUGGEDCOM ROS RSG2288, RUGGEDCOM ROS RSG2288 V4.X, RUGGEDCOM ROS RSG2288 V5.X, RUGGEDCOM ROS RSG2300, RUGGEDCOM ROS RSG2300 V4.X, RUGGEDCOM ROS RSG2300 V5.X, RUGGEDCOM ROS RSG2300P, RUGGEDCOM ROS RSG2300P V4.X, RUGGEDCOM ROS RSG2300P V5.X, RUGGEDCOM ROS RSG2488, RUGGEDCOM ROS RSG2488 V4.X, RUGGEDCOM ROS RSG2488 V5.X, RUGGEDCOM ROS RSG907R, RUGGEDCOM ROS RSG907R V5.X, RUGGEDCOM ROS RSG908C, RUGGEDCOM ROS RSG908C V5.X, RUGGEDCOM ROS RSG909R, RUGGEDCOM ROS RSG909R V5.X, RUGGEDCOM ROS RSG910C, RUGGEDCOM ROS RSG910C V5.X, RUGGEDCOM ROS RSG920P, RUGGEDCOM ROS RSG920P V4.X, RUGGEDCOM ROS RSG920P V5.X, RUGGEDCOM ROS RSL910, RUGGEDCOM ROS RSL910 V5.X, RUGGEDCOM ROS RST2228, RUGGEDCOM ROS RST2228 V5.X, RUGGEDCOM ROS RST2228P, RUGGEDCOM ROS RST2228P V5.X, RUGGEDCOM ROS RST916C, RUGGEDCOM ROS RST916C V5.X, RUGGEDCOM ROS RST916P, RUGGEDCOM ROS RST916P V5.X, RUGGEDCOM ROS i800, RUGGEDCOM ROS i800 V4.X, RUGGEDCOM ROS i801, RUGGEDCOM ROS i801 V4.X, RUGGEDCOM ROS i802, RUGGEDCOM ROS i802 V4.X, RUGGEDCOM ROS i803, RUGGEDCOM ROS i803 V4.X. The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -56,7 +56,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice.\n\nThis could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice."
|
||||
"value": "A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -356,15 +356,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking.\n\nThis could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack."
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.19), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.19), SIMATIC PC Station (All versions >= V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.19), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.19), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-PLCSIM Advanced (All versions), SIMATIC WinCC Runtime Advanced (All versions), SINUMERIK ONE (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.19), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.19), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.19), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.19), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.19). The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1906,7 +1906,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Affected devices do not properly authorize the change password function of the web interface.\nThis could allow low privileged users to escalate their privileges."
|
||||
"value": "Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -76,7 +76,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application.\n\nFor compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled."
|
||||
"value": "A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -126,7 +126,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication.\n\nThis could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication."
|
||||
"value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINUMERIK MC (All versions), SINUMERIK ONE (All versions). Affected products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -138,8 +138,9 @@
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -86,15 +86,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -96,15 +96,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745)"
|
||||
"value": "A vulnerability has been identified in Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.0 (All versions >= V34.0.252 < V34.0.254), Parasolid V34.1 (All versions < V34.1.242), Parasolid V34.1 (All versions >= V34.1.242 < V34.1.244), Parasolid V35.0 (All versions < V35.0.170), Parasolid V35.0 (All versions >= V35.0.170 < V35.0.184). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17745)"
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853037.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853037.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-853037.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -666,7 +666,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All versions), RUGGEDCOM ROS RMC8388 V4.X (All versions), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RP110 V4.X (All versions), RUGGEDCOM ROS RS1600 V4.X (All versions), RUGGEDCOM ROS RS1600F V4.X (All versions), RUGGEDCOM ROS RS1600T V4.X (All versions), RUGGEDCOM ROS RS400 V4.X (All versions), RUGGEDCOM ROS RS401 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 V4.X (All versions), RUGGEDCOM ROS RS416v2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS8000 V4.X (All versions), RUGGEDCOM ROS RS8000A V4.X (All versions), RUGGEDCOM ROS RS8000H V4.X (All versions), RUGGEDCOM ROS RS8000T V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900 V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900G V4.X (All versions), RUGGEDCOM ROS RS900GP V4.X (All versions), RUGGEDCOM ROS RS900L V4.X (All versions), RUGGEDCOM ROS RS900M V4.X (All versions), RUGGEDCOM ROS RS900W V4.X (All versions), RUGGEDCOM ROS RS910 V4.X (All versions), RUGGEDCOM ROS RS910L V4.X (All versions), RUGGEDCOM ROS RS910W V4.X (All versions), RUGGEDCOM ROS RS920L V4.X (All versions), RUGGEDCOM ROS RS920W V4.X (All versions), RUGGEDCOM ROS RS930L V4.X (All versions), RUGGEDCOM ROS RS930W V4.X (All versions), RUGGEDCOM ROS RS940G V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 V4.X (All versions), RUGGEDCOM ROS RSG2100P V4.X (All versions), RUGGEDCOM ROS RSG2200 V4.X (All versions), RUGGEDCOM ROS RSG2288 V4.X (All versions), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V4.X (All versions), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V4.X (All versions), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V4.X (All versions), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG907R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG908C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG909R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG910C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V4.X (All versions), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916P V5.X (All versions < V5.6.0), RUGGEDCOM ROS i800 V4.X (All versions), RUGGEDCOM ROS i801 V4.X (All versions), RUGGEDCOM ROS i802 V4.X (All versions), RUGGEDCOM ROS i803 V4.X (All versions). Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks.\n\nThis could allow a remote attacker to create a denial of service condition that persists until the attack ends."
|
||||
"value": "A vulnerability has been identified in RUGGEDCOM ROS RMC30 V4.X (All versions), RUGGEDCOM ROS RMC8388 V4.X (All versions), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RP110 V4.X (All versions), RUGGEDCOM ROS RS1600 V4.X (All versions), RUGGEDCOM ROS RS1600F V4.X (All versions), RUGGEDCOM ROS RS1600T V4.X (All versions), RUGGEDCOM ROS RS400 V4.X (All versions), RUGGEDCOM ROS RS401 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V4.X (All versions), RUGGEDCOM ROS RS416Pv2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS416v2 V4.X (All versions), RUGGEDCOM ROS RS416v2 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS8000 V4.X (All versions), RUGGEDCOM ROS RS8000A V4.X (All versions), RUGGEDCOM ROS RS8000H V4.X (All versions), RUGGEDCOM ROS RS8000T V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V4.X (All versions), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900 V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V4.X (All versions), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RS900G V4.X (All versions), RUGGEDCOM ROS RS900GP V4.X (All versions), RUGGEDCOM ROS RS900L V4.X (All versions), RUGGEDCOM ROS RS900M V4.X (All versions), RUGGEDCOM ROS RS900W V4.X (All versions), RUGGEDCOM ROS RS910 V4.X (All versions), RUGGEDCOM ROS RS910L V4.X (All versions), RUGGEDCOM ROS RS910W V4.X (All versions), RUGGEDCOM ROS RS920L V4.X (All versions), RUGGEDCOM ROS RS920W V4.X (All versions), RUGGEDCOM ROS RS930L V4.X (All versions), RUGGEDCOM ROS RS930W V4.X (All versions), RUGGEDCOM ROS RS940G V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2100 V4.X (All versions), RUGGEDCOM ROS RSG2100P V4.X (All versions), RUGGEDCOM ROS RSG2200 V4.X (All versions), RUGGEDCOM ROS RSG2288 V4.X (All versions), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 V4.X (All versions), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P V4.X (All versions), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 V4.X (All versions), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG907R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG908C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG909R V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG910C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSG920P V4.X (All versions), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RSL910 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228 V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST2228P V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916C V5.X (All versions < V5.6.0), RUGGEDCOM ROS RST916P V5.X (All versions < V5.6.0), RUGGEDCOM ROS i800 V4.X (All versions), RUGGEDCOM ROS i801 V4.X (All versions), RUGGEDCOM ROS i802 V4.X (All versions), RUGGEDCOM ROS i803 V4.X (All versions). Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -678,8 +678,9 @@
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-459643.pdf"
|
||||
},
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787941.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787941.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-787941.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -76,15 +76,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -76,15 +76,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -76,15 +76,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -76,15 +76,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -76,15 +76,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
|
||||
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -73,8 +73,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853037.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853037.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-853037.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -56,15 +56,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session."
|
||||
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -56,15 +56,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
|
||||
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -63,8 +63,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -63,8 +63,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -53,8 +53,9 @@
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -116,15 +116,16 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.\n\nThis CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration."
|
||||
"value": "A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration."
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
|
||||
"refsource": "MISC",
|
||||
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf",
|
||||
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-638652.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
18
2022/45xxx/CVE-2022-45048.json
Normal file
18
2022/45xxx/CVE-2022-45048.json
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-45048",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user