From dfe5f4d5f337c4e2bbc300304b5789e29a8d99e7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 13 Nov 2024 05:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/10xxx/CVE-2024-10575.json | 90 +++++++++++++++++++++++++++--
2024/10xxx/CVE-2024-10800.json | 76 +++++++++++++++++++++++--
2024/11xxx/CVE-2024-11150.json | 76 +++++++++++++++++++++++--
2024/21xxx/CVE-2024-21540.json | 84 +++++++++++++++++++++++++--
2024/3xxx/CVE-2024-3653.json | 6 ++
2024/8xxx/CVE-2024-8933.json | 100 +++++++++++++++++++++++++++++++--
2024/8xxx/CVE-2024-8935.json | 100 +++++++++++++++++++++++++++++++--
2024/8xxx/CVE-2024-8936.json | 78 +++++++++++++++++++++++--
2024/8xxx/CVE-2024-8937.json | 100 +++++++++++++++++++++++++++++++--
2024/8xxx/CVE-2024-8938.json | 100 +++++++++++++++++++++++++++++++--
2024/9xxx/CVE-2024-9409.json | 100 +++++++++++++++++++++++++++++++--
11 files changed, 870 insertions(+), 40 deletions(-)
diff --git a/2024/10xxx/CVE-2024-10575.json b/2024/10xxx/CVE-2024-10575.json
index d5e22e349e9..e1820920878 100644
--- a/2024/10xxx/CVE-2024-10575.json
+++ b/2024/10xxx/CVE-2024-10575.json
@@ -1,17 +1,99 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on\nthe network and potentially impacting connected devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure IT Gateway", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 1.21.0.6" + }, + { + "version_affected": "=", + "version_value": "Version 1.22.0.3" + }, + { + "version_affected": "=", + "version_value": "Version 1.22.1.5" + }, + { + "version_affected": "=", + "version_value": "Version 1.23.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + 
"baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/10xxx/CVE-2024-10800.json b/2024/10xxx/CVE-2024-10800.json index ed1795ca729..2133d58b1b3 100644 --- a/2024/10xxx/CVE-2024-10800.json +++ b/2024/10xxx/CVE-2024-10800.json 
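Review bot: The `version_value` strings added in `2024/10xxx/CVE-2024-10575.json` are free text under an equality operator (`"version_affected": "="` with `"version_value": "Version 1.21.0.6"`), so a scanner comparing against an installed version string will not match unless it strips the prefix; `"version_value": "1.21.0.6"` would match directly. The same pattern is harder to work around in the CVE-2024-8933, -8935, -8936, -8937, -8938 and -9409 hunks, where `=` is paired with ranges written as prose (`"All versions"`, `"Versions prior to SV3.65"`, `"Version 2.3.8 and prior"`); those need a range operator and a bare version to be machine-usable. Separately, the description's "when enabled on the network" does not say what is enabled, so the exposure condition has to be taken from the linked SEVD-2024-317-04 advisory.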
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10800", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vanquish", + "product": { + "product_data": [ + { + "product_name": "WordPress User Extra Fields", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "16.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve" + }, + { + "url": "https://codecanyon.net/item/user-extra-fields/12949844", + "refsource": "MISC", + "name": "https://codecanyon.net/item/user-extra-fields/12949844" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Tonn" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH" } ] } diff --git a/2024/11xxx/CVE-2024-11150.json b/2024/11xxx/CVE-2024-11150.json index c6fad667239..f1745ecc5cb 100644 --- a/2024/11xxx/CVE-2024-11150.json +++ b/2024/11xxx/CVE-2024-11150.json 
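Review bot: The affected range added for CVE-2024-10800 stops at 16.6 (`"version_affected": "<="`, `"version_value": "16.6"`), but neither the description nor the two references say whether a later release restores the capability check on ajax_save_fields(), so a reader cannot tell from the record whether upgrading is an available remediation. The CVE-2024-11150 hunk for the same plugin has the same gap. A patch or changelog reference, or a sentence naming the first fixed version once the CNA confirms one, would close it; as written, the record only supports treating every install up to and including 16.6 as affected.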
@@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-11150", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "vanquish", + "product": { + "product_data": [ + { + "product_name": "WordPress User Extra Fields", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "16.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39d797-9230-41d9-a335-864845b56aa0?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39d797-9230-41d9-a335-864845b56aa0?source=cve" + }, + { + "url": "https://codecanyon.net/item/user-extra-fields/12949844", + "refsource": "MISC", + "name": 
"https://codecanyon.net/item/user-extra-fields/12949844" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Chloe Chamberland" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/21xxx/CVE-2024-21540.json b/2024/21xxx/CVE-2024-21540.json index b1ceebf43e3..477012465de 100644 --- a/2024/21xxx/CVE-2024-21540.json +++ b/2024/21xxx/CVE-2024-21540.json 
@@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-21540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "source-map-support", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "*" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.snyk.io/vuln/SNYK-JS-SOURCEMAPSUPPORT-6112477", + "refsource": "MISC", + "name": "https://security.snyk.io/vuln/SNYK-JS-SOURCEMAPSUPPORT-6112477" + }, + { + "url": "https://gist.github.com/mcoimbra/0f889d69b39c1c09aa6a8c001072402e", + "refsource": "MISC", + "name": "https://gist.github.com/mcoimbra/0f889d69b39c1c09aa6a8c001072402e" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Miguel Coimbra" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": 
"HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P" } ] } diff --git a/2024/3xxx/CVE-2024-3653.json b/2024/3xxx/CVE-2024-3653.json index d42e5c4d832..9263095439e 100644 --- a/2024/3xxx/CVE-2024-3653.json +++ b/2024/3xxx/CVE-2024-3653.json @@ -448,6 +448,12 @@ "value": "Setting the maxAge configuration is sufficient to prevent the behavior of this vulnerability being explored." } ], + "credits": [ + { + "lang": "en", + "value": "Red Hat would like to thank Keke Lian, Haoran Zhao, and Yongheng Liu (Secsys Lab of Fudan University) for reporting this issue." + } + ], "impact": { "cvss": [ { diff --git a/2024/8xxx/CVE-2024-8933.json b/2024/8xxx/CVE-2024-8933.json index 390ecafc436..4142cc0c332 100644 --- a/2024/8xxx/CVE-2024-8933.json +++ b/2024/8xxx/CVE-2024-8933.json 
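Review bot: The `vectorString` added for CVE-2024-21540 ends in `/E:P`, a temporal (exploit code maturity) metric, while `baseScore` 7.5 and the expanded fields beside it are base metrics only. Consumers that validate the string against the CVSS 3.1 base-vector pattern may reject it, and ones that recompute the score from the vector can arrive at a value other than 7.5. Keeping only the base vector in this field, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"`, avoids both. The range `"version_affected": "<"`, `"version_name": "0"`, `"version_value": "*"` appears to encode "all versions", which matches the description, but the record references no fix or mitigation.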
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel\nvulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of\nconfidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the\nlogical network while a valid user uploads or downloads a project file into the controller." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel", + "cweId": "CWE-924" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPU (part numbers BMXP34*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Modicon MC80 (part numbers BMKC80)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Modicon Momentum Unity M1E Processor (171CBU*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8935.json b/2024/8xxx/CVE-2024-8935.json index 23ead9d8ca4..f4d205b854c 100644 --- a/2024/8xxx/CVE-2024-8935.json +++ b/2024/8xxx/CVE-2024-8935.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8935", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss\nof confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the\ncontroller and the engineering workstation while a valid user is establishing a communication session. This\nvulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-290 Authentication Bypass by Spoofing", + "cweId": "CWE-290" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPU (part numbers BMXP34*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions since SV3.60" + } + ] + } + }, + { + "product_name": "Modicon MC80 (part numbers BMKC80)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Modicon Momentum Unity M1E Processor (171CBU*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/doc/SEVD-2024-317-02/SEVD-2024-317-02.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8936.json b/2024/8xxx/CVE-2024-8936.json index 33cd8c49e07..35f5ef3cfeb 100644 --- a/2024/8xxx/CVE-2024-8936.json +++ b/2024/8xxx/CVE-2024-8936.json 
@@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory\nafter a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper\nwith memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPU (part numbers BMXP34*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Versions prior to SV3.65" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", 
+ "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8937.json b/2024/8xxx/CVE-2024-8937.json index 4697e181c6f..c8bffe19a76 100644 --- a/2024/8xxx/CVE-2024-8937.json +++ b/2024/8xxx/CVE-2024-8937.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8937", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could\ncause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a\ncrafted Modbus function call to tamper with memory area involved in the authentication process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPU (part numbers BMXP34*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Versions prior to SV3.65" + } + ] + } + }, + { + "product_name": "Modicon MC80 (part numbers BMKC80)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Modicon Momentum Unity M1E Processor (171CBU*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf", 
+ "refsource": "MISC", + "name": "https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/8xxx/CVE-2024-8938.json b/2024/8xxx/CVE-2024-8938.json index 4ed5269c97d..04a8a7f9634 100644 --- a/2024/8xxx/CVE-2024-8938.json +++ b/2024/8xxx/CVE-2024-8938.json 
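Review bot: The CVSS block added for CVE-2024-8937 does not fit its description: the text says the flaw "could cause a potential arbitrary code execution", yet the vector is `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N` with `"availabilityImpact": "NONE"` and a 6.5 base score. That vector is identical to the one in the CVE-2024-8936 hunk, whose description is limited to loss of confidentiality, while the near-identical CVE-2024-8938 description carries `C:H/I:H/A:H` and 8.1. It looks like the 8936 metrics were carried over; the values should be checked against SEVD-2024-317-03, since anyone triaging by score will rank this record below 8938. The description also writes "Man-In-The Middle" where the sibling records use "Man-In-The-Middle".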
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-8938", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could\ncause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a\ncrafted Modbus function call to tamper with memory area involved in memory size computation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Modicon M340 CPU (part numbers BMXP34*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Versions prior to SV3.65" + } + ] + } + }, + { + "product_name": "Modicon MC80 (part numbers BMKC80)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Modicon Momentum Unity M1E Processor (171CBU*)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All Versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf", + 
"refsource": "MISC", + "name": "https://download.schneider-electric.com/doc/SEVD-2024-317-03/SEVD-2024-317-03.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/9xxx/CVE-2024-9409.json b/2024/9xxx/CVE-2024-9409.json index 0f11de25b19..687e4afc872 100644 --- a/2024/9xxx/CVE-2024-9409.json +++ b/2024/9xxx/CVE-2024-9409.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9409", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become\nunresponsive resulting in communication loss when a large amount of IGMP packets is present in the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "PowerLogic PM5320", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 2.3.8 and prior" + } + ] + } + }, + { + "product_name": "PowerLogic PM5340", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 2.3.8 and prior" + } + ] + } + }, + { + "product_name": "PowerLogic PM5341", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Version 2.6.6 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/doc/SEVD-2024-317-01/SEVD-2024-317-01.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/doc/SEVD-2024-317-01/SEVD-2024-317-01.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + 
"source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] }