admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from Siemens from 2018-09-12.

Browse Source
This commit is contained in:
CVE Team 2018-09-12 09:01:19 -04:00
parent 41d11c8630
commit dd620581f7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 150 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
2017/12xxx/CVE-2017-12741.json
View File

@ -12,33 +12,9 @@
"product" : {
"product_data" : [
{
"product_name" : "SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS SM150 V4.7 w. SIMOTION and PROFINET, SIMATIC S7-200 Smart, SIMATIC S7-400 PN V6, SIMATIC S7-400 H V6, SIMATIC S7-400 PN/DP V7, SIMATIC S7-410 V8, SIMATIC S7-300, SIMATIC S7-1200, SIMATIC S7-1500, SIMATIC S7-1500 Software Controller, SIMATIC WinAC RTX 2010 incl. F, SIMATIC ET 200AL, SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200MP IM155-5 PN BA, SIMATIC ET 200MP IM155-5 PN ST, SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST), SIMATIC ET 200pro, SIMATIC ET 200S, SIMATIC ET 200SP, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, SIMOTION D, SIMOTION C, SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M w. PN, SINAMICS G120 (C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIMATIC Compact Field Unit, SIMATIC PN/PN Coupler, SIMOCODE pro V PROFINET, SIRIUS Soft Starter 3RW44 PN",
"product_name" : "SIMATIC S7-200 Smart, SIMATIC S7-400 PN V6, SIMATIC S7-400 H V6, SIMATIC S7-400 PN/DP V7, SIMATIC S7-410 V8, SIMATIC S7-300, SIMATIC S7-1200, SIMATIC S7-1500, SIMATIC S7-1500 Software Controller, SIMATIC WinAC RTX 2010 incl. F, SIMATIC ET 200AL, SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200MP IM155-5 PN BA, SIMATIC ET 200MP IM155-5 PN ST, SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST), SIMATIC ET 200pro, SIMATIC ET 200S, SIMATIC ET 200SP, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, SIMOTION D, SIMOTION C, SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120 (C/P/D) w. PN, SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS S110 w. PN, SINAMICS S120 V4.7 w. PN, SINAMICS S120 V4.8 w. PN, SINAMICS S150 V4.7 w=2E PN, SINAMICS S150 V4.8 w. PN, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIMATIC Compact Field Unit, SIMATIC PN/PN Coupler, SIMOCODE pro V PROFINET, SIRIUS Soft Starter 3RW44 PN",
"version" : {
"version_data" : [
{
"version_value" : "SINAMICS GH150 V4.7 w. PROFINET : All versions < V4.7 SP5 HF7"
},
{
"version_value" : "SINAMICS GL150 V4.7 w. PROFINET : All versions < V4.8 SP2"
},
{
"version_value" : "SINAMICS GM150 V4.7 w. PROFINET : All versions < V4.8 SP2"
},
{
"version_value" : "SINAMICS SL150 V4.7.0 w. PROFINET : All versions < V4.7 HF30"
},
{
"version_value" : "SINAMICS SL150 V4.7.4 w. PROFINET : All versions < V4.8 SP2"
},
{
"version_value" : "SINAMICS SL150 V4.7.5 w. PROFINET : All versions < V4.8 SP2"
},
{
"version_value" : "SINAMICS SM120 V4.7 w. PROFINET : All versions < V4.8 SP2"
},
{
"version_value" : "SINAMICS SM150 V4.7 w. SIMOTION and PROFINET : All versions"
},
{
"version_value" : "SIMATIC S7-200 Smart : All versions < V2.03.01"
},
@ -46,7 +22,7 @@
"version_value" : "SIMATIC S7-400 PN V6 : All versions < V6.0.6"
},
{
"version_value" : "SIMATIC S7-400 H V6 : All versions < V6.0.8"
"version_value" : "SIMATIC S7-400 H V6 : All versions < V6.0=2E8"
},
{
"version_value" : "SIMATIC S7-400 PN/DP V7 : All versions < V7.0.2"
@ -118,10 +94,10 @@
"version_value" : "SIMOTION P V5 : All versions < V5.1 HF1"
},
{
"version_value" : "SINAMICS DCM : All versions"
"version_value" : "SINAMICS DCM w. PN : All versions < V1.4 SP1 HF6"
},
{
"version_value" : "SINAMICS DCP : All versions"
"version_value" : "SINAMICS DCP w. PN : All versions < V1.2 HF2"
},
{
"version_value" : "SINAMICS G110M w. PN : All versions < V4.7 SP9 HF1"
@ -139,7 +115,7 @@
"version_value" : "SINAMICS G150 V4.7 w. PN : All versions < V4.7 HF29"
},
{
"version_value" : "SINAMICS G150 V4.8 w. PN : All versions < V4.8 HF4"
"version_value" : "SINAMICS G150 V4.8 w. PN : All versions < V4=2E8 HF4"
},
{
"version_value" : "SINAMICS S110 w. PN : All versions < V4.4 SP3 HF6"
@ -191,7 +167,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SINAMICS GH150 V4.7 w. PROFINET (All versions < V4.7 SP5 HF7), SINAMICS GL150 V4.7 w. PROFINET (All versions < V4.8 SP2), SINAMICS GM150 V4.7 w. PROFINET (All versions < V4.8 SP2), SINAMICS SL150 V4.7.0 w. PROFINET (All versions < V4.7 HF30), SINAMICS SL150 V4.7.4 w. PROFINET (All versions < V4.8 SP2), SINAMICS SL150 V4.7.5 w. PROFINET (All versions < V4.8 SP2), SINAMICS SM120 V4.7 w. PROFINET (All versions < V4.8 SP2), SINAMICS SM150 V4.7 w. SIMOTION and PROFINET (All versions), SIMATIC S7-200 Smart (All versions < V2.03.01), SIMATIC S7-400 PN V6 (All versions < V6.0.6), SIMATIC S7-400 H V6 (All versions < V6.0.8), SIMATIC S7-400 PN/DP V7 (All versions < V7.0.2), SIMATIC S7-410 V8 (All versions), SIMATIC S7-300 (All versions), SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5), SIMOTION D (All versions < V5.1 HF1), SIMOTION C (All versions < V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions < V4.5 HF5), SIMOTION P V5 (All versions < V5.1 HF1), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M w. PN (All versions < V4.7 SP9 HF1), SINAMICS G120 (C/P/D) w. PN (All versions < V4.7 SP9 HF1), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF6), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S120 V4.8 w. PN (All versions < V4.8 HF5), SINAMICS S150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS V90 w. PN (All versions < V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions), SIMOCODE pro V PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions). Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually."
"value" : "A vulnerability has been identified in SIMATIC S7-200 Smart (All versions < V2.03.01), SIMATIC S7-400 PN V6 (All versions < V6.0.6), SIMATIC S7-400 H V6 (All versions < V6.0.8), SIMATIC S7-400 PN/DP V7 (All versions < V7.0.2), SIMATIC S7-410 V8 (All versions), SIMATIC S7-300 (All versions), SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC WinAC RTX 2010 incl. F (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.2), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5), SIMOTION D (All versions < V5.1 HF1), SIMOTION C (All versions < V5.1 HF1), SIMOTION P V4.4 and V4.5 (All versions < V4.5 HF5), SIMOTION P V5 (All versions < V5.1 HF1), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF6), SINAMICS DCP w. PN (All versions < V1.2 HF2), SINAMICS G110M w. PN (All versions < V4.7 SP9 HF1), SINAMICS G120 (C/P/D) w. PN (All versions < V4.7 SP9 HF1), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF6), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S120 V4.8 w. PN (All versions < V4.8 HF5), SINAMICS S150 V4.7 w. PN (All versions < V4.7 HF29), SINAMICS S150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS V90 w. PN (All versions < V1.02), SINUMERIK 840D sl (All versions), SIMATIC Compact Field Unit (All versions), SIMATIC PN/PN Coupler (All versions), SIMOCODE pro V PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions). Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually."
}
]
},

49
2018/13xxx/CVE-2018-13799.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-09-11T00:00:00",
"ID" : "CVE-2018-13799",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SIMATIC WinCC OA V3.14 and prior",
"version" : {
"version_data" : [
{
"version_value" : "SIMATIC WinCC OA V3.14 and prior : All versions < V3.14-P021"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A vulnerability has been identified in SIMATIC WinCC OA V3=2E14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
}
]
}

49
2018/13xxx/CVE-2018-13806.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-09-11T00:00:00",
"ID" : "CVE-2018-13806",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SIEMENS TD Keypad Designer",
"version" : {
"version_data" : [
{
"version_value" : "SIEMENS TD Keypad Designer : All versions"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdf"
}
]
}

55
2018/13xxx/CVE-2018-13807.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-09-11T00:00:00",
"ID" : "CVE-2018-13807",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SCALANCE X300, SCALANCE X408, SCALANCE X414",
"version" : {
"version_data" : [
{
"version_value" : "SCALANCE X300 : All versions < V4.0.0"
},
{
"version_value" : "SCALANCE X408 : All versions < V4.0.0"
},
{
"version_value" : "SCALANCE X414 : All versions"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server. The device will automatically reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability. Neither valid credentials nor interaction by a legitimate user is required to exploit the vulnerability. There is no confidentiality or integrity impact, only availability is temporarily impacted. This vulnerability could be triggered by publicly available tools."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf"
}
]
}