From dec6c08298cdae29e8a836d4056cbb9e44568151 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 3 Oct 2024 23:00:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/41xxx/CVE-2024-41925.json | 99 +++++++++++++++++++++++++++++--
2024/42xxx/CVE-2024-42417.json | 104 +++++++++++++++++++++++++++++++--
2024/43xxx/CVE-2024-43699.json | 104 +++++++++++++++++++++++++++++++--
2024/45xxx/CVE-2024-45367.json | 99 +++++++++++++++++++++++++++++--
2024/9xxx/CVE-2024-9506.json | 18 ++++++
2024/9xxx/CVE-2024-9507.json | 18 ++++++
6 files changed, 426 insertions(+), 16 deletions(-)
create mode 100644 2024/9xxx/CVE-2024-9506.json
create mode 100644 2024/9xxx/CVE-2024-9507.json
diff --git a/2024/41xxx/CVE-2024-41925.json b/2024/41xxx/CVE-2024-41925.json
index 08b57b356e6..cdb0b55179e 100644
--- a/2024/41xxx/CVE-2024-41925.json
+++ b/2024/41xxx/CVE-2024-41925.json
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-41925", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Optigo Networks", + "product": { + "product_data": [ + { + "product_name": "ONS-S8 Spectra Aggregation Switch", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-275-01", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Optigo Networks recommends users always use a unique management VLAN for the port on the ONS-S8 that is used to connect to OneView.

Optigo Networks also recommends users implement at least one of the following additional mitigations:

\n\n
" + } + ], + "value": "Optigo Networks recommends users always use a unique management VLAN for the port on the ONS-S8 that is used to connect to OneView.\n\nOptigo Networks also recommends users implement at least one of the following additional mitigations:\n\n * Use a dedicated NIC on the BMS computer and exclusively this computer for connecting to OneView to manage your OT network configuration.\n * Set up a router firewall with a white list for the devices permitted to access OneView.\n * Connect to OneView via secure VPN." + } + ], + "credits": [ + { + "lang": "en", + "value": "Claroty Team82 reported this vulnerability to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/42xxx/CVE-2024-42417.json b/2024/42xxx/CVE-2024-42417.json index 1123f67f2cb..1f1ab4d207b 100644 --- a/2024/42xxx/CVE-2024-42417.json +++ b/2024/42xxx/CVE-2024-42417.json 
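Review bot: The `problemtype` entry in this record carries only the bare identifier (`"value": "CWE-98"`), while the DIAEnergie records in the same commit use identifier plus name (`"CWE-89 SQL Injection"`); the same applies to `"CWE-1390"` in the CVE-2024-45367 hunk. CWE-98 is the PHP remote file inclusion class, which is narrower than the directory traversal and authentication bypass the description also names, so a consumer that filters on `cweId` alone will not surface those aspects. I would write the value as `"value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"`, and consumers should note that the record lists only a `work_around` and no `solution`, so no fixed version can be derived from it.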
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-42417", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "v1.10.01.008" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03" + }, + { + "url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory", + "refsource": "MISC", + "name": "https://www.deltaww.com/en-US/Cybersecurity_Advisory" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-277-03", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.

For more information on this issue, please see the Delta product cybersecurity advisory.

\n\n
" + } + ], + "value": "Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents. https://www.deltaww.com/en-US/customerService \n\nFor more information on this issue, please see the Delta product cybersecurity advisory. https://www.deltaww.com/en-US/Cybersecurity_Advisory" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/43xxx/CVE-2024-43699.json b/2024/43xxx/CVE-2024-43699.json index b93c85e28c4..462d58e31f4 100644 --- a/2024/43xxx/CVE-2024-43699.json +++ b/2024/43xxx/CVE-2024-43699.json 
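Review bot: The description in this record names only a delay as the impact for an authenticated attacker, but the `impact.cvss` entry scores `C:H/I:H/A:H` (8.8), so the text and the vector disagree on confidentiality and integrity impact; triage that reads only the description will likely rank this lower than the score does. The CVE-2024-43699 hunk has the same gap in milder form: its description mentions obtaining records while the vector also claims high integrity and availability impact. If the referenced advisory supports the vector, the description should state the data impact as well; otherwise the vector needs correcting. Separately, both records give the affected range as `"version_name": "0"` with `"version_value": "v1.10.01.008"`, and the leading `v` has to be stripped before any numeric version comparison against an asset inventory.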
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-43699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "DIAEnergie", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "v1.10.01.008" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-03" + }, + { + "url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory", + "refsource": "MISC", + "name": "https://www.deltaww.com/en-US/Cybersecurity_Advisory" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-277-03", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents.

For more information on this issue, please see the Delta product cybersecurity advisory.

\n\n
" + } + ], + "value": "Delta recommends users update to DIAEnergie v1.10.01.009. Users can request this version of DIAEnergie from Delta Electronics' regional sales or agents. https://www.deltaww.com/en-US/customerService \n\nFor more information on this issue, please see the Delta product cybersecurity advisory. https://www.deltaww.com/en-US/Cybersecurity_Advisory" + } + ], + "credits": [ + { + "lang": "en", + "value": "Michael Heinzl reported these vulnerabilities to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/45xxx/CVE-2024-45367.json b/2024/45xxx/CVE-2024-45367.json index 4d2c47a6653..5615f70b642 100644 --- a/2024/45xxx/CVE-2024-45367.json +++ b/2024/45xxx/CVE-2024-45367.json 
@@ -1,17 +1,108 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-45367", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1390", + "cweId": "CWE-1390" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Optigo Networks", + "product": { + "product_data": [ + { + "product_name": "ONS-S8 Spectra Aggregation Switch", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "1.3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "ICSA-24-275-01", + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Optigo Networks recommends users always use a unique management VLAN for the port on the ONS-S8 that is used to connect to OneView.

Optigo Networks also recommends users implement at least one of the following additional mitigations:

\n\n
" + } + ], + "value": "Optigo Networks recommends users always use a unique management VLAN for the port on the ONS-S8 that is used to connect to OneView.\n\nOptigo Networks also recommends users implement at least one of the following additional mitigations:\n\n * Use a dedicated NIC on the BMS computer and exclusively this computer for connecting to OneView to manage your OT network configuration.\n * Set up a router firewall with a white list for the devices permitted to access OneView.\n * Connect to OneView via secure VPN." + } + ], + "credits": [ + { + "lang": "en", + "value": "Claroty Team82 reported this vulnerability to CISA." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9506.json b/2024/9xxx/CVE-2024-9506.json new file mode 100644 index 00000000000..8fc9539fa20 --- /dev/null +++ b/2024/9xxx/CVE-2024-9506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/9xxx/CVE-2024-9507.json b/2024/9xxx/CVE-2024-9507.json new file mode 100644 index 00000000000..0bdd0ca8077 --- /dev/null +++ b/2024/9xxx/CVE-2024-9507.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-9507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file