admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 19:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-06 00:00:44 +00:00
parent 8f65f320b7
commit dce851f985
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 305 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
2023/22xxx/CVE-2023-22450.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22450",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\nIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Advantech",
"product": {
"product_data": [
{
"product_name": "WebAccess/SCADA",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "v9.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-23-152-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Advantech recommends WebAccess/SCADA users upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\">v9.1.4</a><span style=\"background-color: rgb(255, 255, 255);\">. </span>\n\n<br>"
}
],
"value": "\nAdvantech recommends WebAccess/SCADA users upgrade to v9.1.4 https://www.advantech.com/en/support/details/installation . \n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "YangLiu from Elex Feigong Research Institute reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

20
2023/2xxx/CVE-2023-2612.json
View File

@ -64,6 +64,26 @@
"url": "https://ubuntu.com/security/CVE-2023-2612",
"refsource": "MISC",
"name": "https://ubuntu.com/security/CVE-2023-2612"
},
{
"url": "https://ubuntu.com/security/notices/USN-6122-1",
"refsource": "MISC",
"name": "https://ubuntu.com/security/notices/USN-6122-1"
},
{
"url": "https://ubuntu.com/security/notices/USN-6123-1",
"refsource": "MISC",
"name": "https://ubuntu.com/security/notices/USN-6123-1"
},
{
"url": "https://ubuntu.com/security/notices/USN-6124-1",
"refsource": "MISC",
"name": "https://ubuntu.com/security/notices/USN-6124-1"
},
{
"url": "https://ubuntu.com/security/notices/USN-6127-1",
"refsource": "MISC",
"name": "https://ubuntu.com/security/notices/USN-6127-1"
}
]
},

99
2023/32xxx/CVE-2023-32540.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Advantech",
"product": {
"product_data": [
{
"product_name": "WebAccess/SCADA",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "v9.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-23-152-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Advantech recommends WebAccess/SCADA users upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\">v9.1.4</a><span style=\"background-color: rgb(255, 255, 255);\">. </span>\n\n<br>"
}
],
"value": "\nAdvantech recommends WebAccess/SCADA users upgrade to v9.1.4 https://www.advantech.com/en/support/details/installation . \n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "YangLiu from Elex Feigong Research Institute reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

99
2023/32xxx/CVE-2023-32628.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32628",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\n\n\nIn Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Advantech",
"product": {
"product_data": [
{
"product_name": "WebAccess/SCADA",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "v9.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-23-152-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Advantech recommends WebAccess/SCADA users upgrade to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\">v9.1.4</a><span style=\"background-color: rgb(255, 255, 255);\">. </span>\n\n<br>"
}
],
"value": "\nAdvantech recommends WebAccess/SCADA users upgrade to v9.1.4 https://www.advantech.com/en/support/details/installation . \n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "YangLiu from Elex Feigong Research Institute reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}