"-Synchronized-Data."

This commit is contained in:
CVE Team 2024-03-01 21:00:33 +00:00
parent f8c2d5c37b
commit df1a72815b
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 765 additions and 28 deletions

View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-7242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\nIndustrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat \nZeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds \nread during the process of analyzing a specific Ethercat packet. This \ncould allow an attacker to crash the Zeek process and leak some \ninformation in memory.\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CISA",
"product": {
"product_data": [
{
"product_name": "Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "d78dda6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nCISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin to <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cisagov/icsnpp-ethercat\">commit 3bca34c or later</a><span style=\"background-color: var(--wht);\">.</span><p>To help reduce successful exploitation, users are encouraged to keep \ncritical software updates and patches up to date in their system \nnetworks.</p>\n\n<br>"
}
],
"value": "CISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin to commit 3bca34c or later https://github.com/cisagov/icsnpp-ethercat .To help reduce successful exploitation, users are encouraged to keep \ncritical software updates and patches up to date in their system \nnetworks.\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Cameron Whitehead of HACK@UCF reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-7243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nIndustrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat \nZeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds \nwrite while analyzing specific Ethercat datagrams. This could allow an \nattacker to cause arbitrary code execution.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CISA",
"product": {
"product_data": [
{
"product_name": "Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "d78dda6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nCISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin to <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cisagov/icsnpp-ethercat\">commit 3bca34c or later</a><span style=\"background-color: var(--wht);\">.</span><p>To help reduce successful exploitation, users are encouraged to keep \ncritical software updates and patches up to date in their system \nnetworks.</p>\n\n<br>"
}
],
"value": "CISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin to commit 3bca34c or later https://github.com/cisagov/icsnpp-ethercat .To help reduce successful exploitation, users are encouraged to keep \ncritical software updates and patches up to date in their system \nnetworks.\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Cameron Whitehead of HACK@UCF reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-7244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat \nZeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds \nwrite in their primary analyses function for Ethercat communication \npackets. This could allow an attacker to cause arbitrary code execution.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CISA",
"product": {
"product_data": [
{
"product_name": "Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "d78dda6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nCISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin to <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cisagov/icsnpp-ethercat\">commit 3bca34c or later</a><span style=\"background-color: var(--wht);\">.</span><p>To help reduce successful exploitation, users are encouraged to keep \ncritical software updates and patches up to date in their system \nnetworks.</p>\n\n<br>"
}
],
"value": "CISA recommends that users update Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin to commit 3bca34c or later https://github.com/cisagov/icsnpp-ethercat .To help reduce successful exploitation, users are encouraged to keep \ncritical software updates and patches up to date in their system \nnetworks.\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Cameron Whitehead of HACK@UCF reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-20328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.\nClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "ClamAV",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2.0"
},
{
"version_affected": "=",
"version_value": "1.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html",
"refsource": "MISC",
"name": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseSeverity": "MEDIUM",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
}
]
}

View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-21767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \nA remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Commend",
"product": {
"product_data": [
{
"product_name": "WS203VICM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01"
},
{
"url": "https://clibrary-online.commend.com/en/cyber-security/security-advisories.html",
"refsource": "MISC",
"name": "https://clibrary-online.commend.com/en/cyber-security/security-advisories.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-051-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nAlthough this is an end-of-life product, Commend has created new firmware <a target=\"_blank\" rel=\"nofollow\" href=\"https://clibrary-online.commend.com/\">version WS-CM 2.0</a>&nbsp;<span style=\"background-color: var(--wht);\">&nbsp;to\n address the first two issues. The new firmware can be loaded via the \nprogram \"IP Station Config\". To install the firmware, follow the \ninstructions below:</span><ol>\n<li>Log in to the Commend web-portal.</li>\n<li>Download and extract the \"Terminals Software Package\".</li>\n<li>In \"IP Station Config\", select the stations to be updated in the table.</li>\n<li>Go to: Menu Station &gt; Firmware Download</li>\n<li>Select the file \"WS-CM 2.0.geh\" from the folder \"WS-CM\" and click on the button Open.</li>\n</ol>\n<p>For additional information, please visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://clibrary-online.commend.com/en/cyber-security/security-advisories.html\">CSA-2024-42 on Commend's cybersecurity website.</a></p>\n\n<br>"
}
],
"value": "Although this is an end-of-life product, Commend has created new firmware version WS-CM 2.0 https://clibrary-online.commend.com/ \u00a0\u00a0to\n address the first two issues. The new firmware can be loaded via the \nprogram \"IP Station Config\". To install the firmware, follow the \ninstructions below:\n * Log in to the Commend web-portal.\n\n * Download and extract the \"Terminals Software Package\".\n\n * In \"IP Station Config\", select the stations to be updated in the table.\n\n * Go to: Menu Station > Firmware Download\n\n * Select the file \"WS-CM 2.0.geh\" from the folder \"WS-CM\" and click on the button Open.\n\n\nFor additional information, please visit CSA-2024-42 on Commend's cybersecurity website. https://clibrary-online.commend.com/en/cyber-security/security-advisories.html \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22182",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** A remote, unauthenticated attacker may be able to send crafted messages \nto the web server of the Commend WS203VICM causing the system to \nrestart, interrupting service.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88 Argument Injection",
"cweId": "CWE-88"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Commend",
"product": {
"product_data": [
{
"product_name": "WS203VICM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01"
},
{
"url": "https://clibrary-online.commend.com/en/cyber-security/security-advisories.html",
"refsource": "MISC",
"name": "https://clibrary-online.commend.com/en/cyber-security/security-advisories.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-051-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nAlthough this is an end-of-life product, Commend has created new firmware <a target=\"_blank\" rel=\"nofollow\" href=\"https://clibrary-online.commend.com/\">version WS-CM 2.0</a>&nbsp;<span style=\"background-color: var(--wht);\">&nbsp;to\n address the first two issues. The new firmware can be loaded via the \nprogram \"IP Station Config\". To install the firmware, follow the \ninstructions below:</span><ol>\n<li>Log in to the Commend web-portal.</li>\n<li>Download and extract the \"Terminals Software Package\".</li>\n<li>In \"IP Station Config\", select the stations to be updated in the table.</li>\n<li>Go to: Menu Station &gt; Firmware Download</li>\n<li>Select the file \"WS-CM 2.0.geh\" from the folder \"WS-CM\" and click on the button Open.</li>\n</ol>\n<p>For additional information, please visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://clibrary-online.commend.com/en/cyber-security/security-advisories.html\">CSA-2024-42 on Commend's cybersecurity website.</a></p>\n\n<br>"
}
],
"value": "Although this is an end-of-life product, Commend has created new firmware version WS-CM 2.0 https://clibrary-online.commend.com/ \u00a0\u00a0to\n address the first two issues. The new firmware can be loaded via the \nprogram \"IP Station Config\". To install the firmware, follow the \ninstructions below:\n * Log in to the Commend web-portal.\n\n * Download and extract the \"Terminals Software Package\".\n\n * In \"IP Station Config\", select the stations to be updated in the table.\n\n * Go to: Menu Station > Firmware Download\n\n * Select the file \"WS-CM 2.0.geh\" from the folder \"WS-CM\" and click on the button Open.\n\n\nFor additional information, please visit CSA-2024-42 on Commend's cybersecurity website. https://clibrary-online.commend.com/en/cyber-security/security-advisories.html \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-23492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPPORTED WHEN ASSIGNED ** \n\nA weak encoding is used to transmit credentials for WS203VICM.\n\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-261",
"cweId": "CWE-261"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Commend",
"product": {
"product_data": [
{
"product_name": "WS203VICM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01"
},
{
"url": "https://clibrary-online.commend.com/en/cyber-security/security-advisories.html",
"refsource": "MISC",
"name": "https://clibrary-online.commend.com/en/cyber-security/security-advisories.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-051-01",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nAlthough this is an end-of-life product, Commend has created new firmware <a target=\"_blank\" rel=\"nofollow\" href=\"https://clibrary-online.commend.com/\">version WS-CM 2.0</a>&nbsp;<span style=\"background-color: var(--wht);\">&nbsp;to\n address the first two issues. The new firmware can be loaded via the \nprogram \"IP Station Config\". To install the firmware, follow the \ninstructions below:</span><ol>\n<li>Log in to the Commend web-portal.</li>\n<li>Download and extract the \"Terminals Software Package\".</li>\n<li>In \"IP Station Config\", select the stations to be updated in the table.</li>\n<li>Go to: Menu Station &gt; Firmware Download</li>\n<li>Select the file \"WS-CM 2.0.geh\" from the folder \"WS-CM\" and click on the button Open.</li>\n</ol>\n<p>For additional information, please visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://clibrary-online.commend.com/en/cyber-security/security-advisories.html\">CSA-2024-42 on Commend's cybersecurity website.</a></p>\n\n<br>"
}
],
"value": "Although this is an end-of-life product, Commend has created new firmware version WS-CM 2.0 https://clibrary-online.commend.com/ \u00a0\u00a0to\n address the first two issues. The new firmware can be loaded via the \nprogram \"IP Station Config\". To install the firmware, follow the \ninstructions below:\n * Log in to the Commend web-portal.\n\n * Download and extract the \"Terminals Software Package\".\n\n * In \"IP Station Config\", select the stations to be updated in the table.\n\n * Go to: Menu Station > Firmware Download\n\n * Select the file \"WS-CM 2.0.geh\" from the folder \"WS-CM\" and click on the button Open.\n\n\nFor additional information, please visit CSA-2024-42 on Commend's cybersecurity website. https://clibrary-online.commend.com/en/cyber-security/security-advisories.html \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Aar\u00f3n Flecha Men\u00e9ndez of S21sec reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2116",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2117",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}