From e0e25da7f9f4773962fc3a0f8caa5aca1f038ef1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 9 Jan 2024 10:01:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/19xxx/CVE-2019-19298.json | 72 +++++++++++++++++++------------- 2019/19xxx/CVE-2019-19299.json | 76 +++++++++++++++++++++------------- 2022/43xxx/CVE-2022-43398.json | 18 ++++++-- 2022/43xxx/CVE-2022-43439.json | 18 ++++++-- 2022/43xxx/CVE-2022-43545.json | 18 ++++++-- 2022/43xxx/CVE-2022-43546.json | 18 ++++++-- 2023/30xxx/CVE-2023-30901.json | 10 ++++- 2023/31xxx/CVE-2023-31238.json | 10 ++++- 2023/42xxx/CVE-2023-42797.json | 75 +++++++++++++++++++++++++++++++-- 2023/44xxx/CVE-2023-44120.json | 64 ++++++++++++++++++++++++++-- 2023/46xxx/CVE-2023-46281.json | 4 +- 2023/46xxx/CVE-2023-46282.json | 4 +- 2023/46xxx/CVE-2023-46283.json | 4 +- 2023/46xxx/CVE-2023-46284.json | 4 +- 2023/46xxx/CVE-2023-46285.json | 4 +- 2023/49xxx/CVE-2023-49121.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49122.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49123.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49124.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49126.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49127.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49128.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49129.json | 64 ++++++++++++++++++++++++++-- 2023/49xxx/CVE-2023-49130.json | 64 ++++++++++++++++++++++++++-- 24 files changed, 851 insertions(+), 124 deletions(-) diff --git a/2019/19xxx/CVE-2019-19298.json b/2019/19xxx/CVE-2019-19298.json index 537a0270e28..3f57933afca 100644 --- a/2019/19xxx/CVE-2019-19298.json +++ b/2019/19xxx/CVE-2019-19298.json @@ -1,12 +1,33 @@ { - "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", - "ID": "CVE-2019-19298", - "STATE": "PUBLIC" - }, - "data_format": "MITRE", "data_version": "4.0", "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-19298", + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\ncontains a input validation vulnerability, that could allow\nan unauthenticated remote attacker to cause a Denial-of-Service condition\nby sending malformed HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,12 @@ "version": { "version_data": [ { - "version_value": "All versions < V5.0.2" + "version_affected": "=", + "version_value": "All versions < V5.0.0" + }, + { + "version_affected": "=", + "version_value": "All versions >= V5.0.0 < V5.0.2" } ] } @@ -30,33 +56,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20: Improper Input Validation" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19299.json b/2019/19xxx/CVE-2019-19299.json index a6de9dd65ab..045ca56421c 100644 --- a/2019/19xxx/CVE-2019-19299.json +++ b/2019/19xxx/CVE-2019-19299.json @@ -1,12 +1,33 @@ { - "CVE_data_meta": { - "ASSIGNER": "productcert@siemens.com", - "ID": "CVE-2019-19299", - "STATE": "PUBLIC" - }, - "data_format": "MITRE", "data_version": "4.0", "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2019-19299", + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server\napplies weak cryptography when exposing device (camera) passwords.\nThis could allow an unauthenticated remote attacker to read and decrypt\nthe passwords and conduct further attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326: Inadequate Encryption Strength", + "cweId": "CWE-326" + } + ] + } + ] + }, "affects": { "vendor": { "vendor_data": [ @@ -19,7 +40,16 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_affected": "=", + "version_value": "All versions < V5.0.0" + }, + { + "version_affected": "=", + "version_value": "All versions >= V5.0.0 < V5.0.2" + }, + { + "version_affected": "=", + "version_value": "All versions >= V5.0.2" } ] } @@ -30,33 +60,23 @@ ] } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-326: Inadequate Encryption Strength" - } - ] - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks." - } - ] - }, "references": { "reference_data": [ { - "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf", + "refsource": "MISC", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf" } ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + ] } } \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43398.json b/2022/43xxx/CVE-2022-43398.json index 2d991f8e28a..246eb83f966 100644 --- a/2022/43xxx/CVE-2022-43398.json +++ b/2022/43xxx/CVE-2022-43398.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session." + "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session." } ] }, @@ -36,12 +36,24 @@ "product": { "product_data": [ { - "product_name": "POWER METER SICAM Q200 family", + "product_name": "POWER METER SICAM Q100", "version": { "version_data": [ { "version_affected": "=", - "version_value": "All versions < V2.70" + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" } ] } diff --git a/2022/43xxx/CVE-2022-43439.json b/2022/43xxx/CVE-2022-43439.json index c95ce7fe818..0c155e22bfd 100644 --- a/2022/43xxx/CVE-2022-43439.json +++ b/2022/43xxx/CVE-2022-43439.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device." + "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device." } ] }, @@ -36,12 +36,24 @@ "product": { "product_data": [ { - "product_name": "POWER METER SICAM Q200 family", + "product_name": "POWER METER SICAM Q100", "version": { "version_data": [ { "version_affected": "=", - "version_value": "All versions < V2.70" + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" } ] } diff --git a/2022/43xxx/CVE-2022-43545.json b/2022/43xxx/CVE-2022-43545.json index 3f81fafd064..1d3118d9b72 100644 --- a/2022/43xxx/CVE-2022-43545.json +++ b/2022/43xxx/CVE-2022-43545.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device." + "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device." } ] }, @@ -36,12 +36,24 @@ "product": { "product_data": [ { - "product_name": "POWER METER SICAM Q200 family", + "product_name": "POWER METER SICAM Q100", "version": { "version_data": [ { "version_affected": "=", - "version_value": "All versions < V2.70" + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" } ] } diff --git a/2022/43xxx/CVE-2022-43546.json b/2022/43xxx/CVE-2022-43546.json index 6dadb3bf9cc..2e4ac57cd86 100644 --- a/2022/43xxx/CVE-2022-43546.json +++ b/2022/43xxx/CVE-2022-43546.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device." + "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device." } ] }, @@ -36,12 +36,24 @@ "product": { "product_data": [ { - "product_name": "POWER METER SICAM Q200 family", + "product_name": "POWER METER SICAM Q100", "version": { "version_data": [ { "version_affected": "=", - "version_value": "All versions < V2.70" + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.50" } ] } diff --git a/2023/30xxx/CVE-2023-30901.json b/2023/30xxx/CVE-2023-30901.json index 1d27ad2045f..97b24bfca5d 100644 --- a/2023/30xxx/CVE-2023-30901.json +++ b/2023/30xxx/CVE-2023-30901.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user." + "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user." } ] }, @@ -39,6 +39,14 @@ "product_name": "POWER METER SICAM Q100", "version": { "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V2.60" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.60" + }, { "version_affected": "=", "version_value": "All versions < V2.60" diff --git a/2023/31xxx/CVE-2023-31238.json b/2023/31xxx/CVE-2023-31238.json index d04f25e263c..33e3b5b3d3f 100644 --- a/2023/31xxx/CVE-2023-31238.json +++ b/2023/31xxx/CVE-2023-31238.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user." + "value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user." } ] }, @@ -39,6 +39,14 @@ "product_name": "POWER METER SICAM Q100", "version": { "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V2.60" + }, + { + "version_affected": "=", + "version_value": "All versions < V2.60" + }, { "version_affected": "=", "version_value": "All versions < V2.60" diff --git a/2023/42xxx/CVE-2023-42797.json b/2023/42xxx/CVE-2023-42797.json index 50924f6281d..5748c301f07 100644 --- a/2023/42xxx/CVE-2023-42797.json +++ b/2023/42xxx/CVE-2023-42797.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-42797", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps.\r\n\r\nBy uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource", + "cweId": "CWE-908" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "CP-8031 MASTER MODULE", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < CPCI85 V05.20" + } + ] + } + }, + { + "product_name": "CP-8050 MASTER MODULE", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < CPCI85 V05.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-583634.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" } ] } diff --git a/2023/44xxx/CVE-2023-44120.json b/2023/44xxx/CVE-2023-44120.json index d7bc9599994..e46c82f4f35 100644 --- a/2023/44xxx/CVE-2023-44120.json +++ b/2023/44xxx/CVE-2023-44120.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-44120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource", + "cweId": "CWE-732" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Spectrum Power 7", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V23Q4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-786191.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-786191.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/46xxx/CVE-2023-46281.json b/2023/46xxx/CVE-2023-46281.json index 2b70f97d8ad..369ee3291d9 100644 --- a/2023/46xxx/CVE-2023-46281.json +++ b/2023/46xxx/CVE-2023-46281.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." + "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." } ] }, @@ -107,7 +107,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "All versions" + "version_value": "All versions < V17 Update 7" } ] } diff --git a/2023/46xxx/CVE-2023-46282.json b/2023/46xxx/CVE-2023-46282.json index fb8c54e9792..3421f9ba103 100644 --- a/2023/46xxx/CVE-2023-46282.json +++ b/2023/46xxx/CVE-2023-46282.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." + "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." } ] }, @@ -107,7 +107,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "All versions" + "version_value": "All versions < V17 Update 7" } ] } diff --git a/2023/46xxx/CVE-2023-46283.json b/2023/46xxx/CVE-2023-46283.json index 624839c6df8..0ec198c9d53 100644 --- a/2023/46xxx/CVE-2023-46283.json +++ b/2023/46xxx/CVE-2023-46283.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." } ] }, @@ -107,7 +107,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "All versions" + "version_value": "All versions < V17 Update 7" } ] } diff --git a/2023/46xxx/CVE-2023-46284.json b/2023/46xxx/CVE-2023-46284.json index 63c816be755..3686f76639d 100644 --- a/2023/46xxx/CVE-2023-46284.json +++ b/2023/46xxx/CVE-2023-46284.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." } ] }, @@ -107,7 +107,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "All versions" + "version_value": "All versions < V17 Update 7" } ] } diff --git a/2023/46xxx/CVE-2023-46285.json b/2023/46xxx/CVE-2023-46285.json index 45012890f4e..cc6a783b565 100644 --- a/2023/46xxx/CVE-2023-46285.json +++ b/2023/46xxx/CVE-2023-46285.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." + "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." } ] }, @@ -107,7 +107,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "All versions" + "version_value": "All versions < V17 Update 7" } ] } diff --git a/2023/49xxx/CVE-2023-49121.json b/2023/49xxx/CVE-2023-49121.json index f4ca9090a21..4b80f6cafc9 100644 --- a/2023/49xxx/CVE-2023-49121.json +++ b/2023/49xxx/CVE-2023-49121.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49122.json b/2023/49xxx/CVE-2023-49122.json index 8ce9bc036b3..10b9f07bdb9 100644 --- a/2023/49xxx/CVE-2023-49122.json +++ b/2023/49xxx/CVE-2023-49122.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49123.json b/2023/49xxx/CVE-2023-49123.json index ecb1bcae005..5e785fb030c 100644 --- a/2023/49xxx/CVE-2023-49123.json +++ b/2023/49xxx/CVE-2023-49123.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49124.json b/2023/49xxx/CVE-2023-49124.json index b0144bcc651..934c7cd5496 100644 --- a/2023/49xxx/CVE-2023-49124.json +++ b/2023/49xxx/CVE-2023-49124.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49126.json b/2023/49xxx/CVE-2023-49126.json index 13123fc02d8..44a242fab90 100644 --- a/2023/49xxx/CVE-2023-49126.json +++ b/2023/49xxx/CVE-2023-49126.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49127.json b/2023/49xxx/CVE-2023-49127.json index 81ab55141d8..a782e386cf7 100644 --- a/2023/49xxx/CVE-2023-49127.json +++ b/2023/49xxx/CVE-2023-49127.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49128.json b/2023/49xxx/CVE-2023-49128.json index 4af0efc1cee..f033c559741 100644 --- a/2023/49xxx/CVE-2023-49128.json +++ b/2023/49xxx/CVE-2023-49128.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49129.json b/2023/49xxx/CVE-2023-49129.json index 27a0015f439..ce8c2d6f898 100644 --- a/2023/49xxx/CVE-2023-49129.json +++ b/2023/49xxx/CVE-2023-49129.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] } diff --git a/2023/49xxx/CVE-2023-49130.json b/2023/49xxx/CVE-2023-49130.json index 4f15257148c..45c791a59f8 100644 --- a/2023/49xxx/CVE-2023-49130.json +++ b/2023/49xxx/CVE-2023-49130.json @@ -1,17 +1,73 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49130", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "productcert@siemens.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824: Access of Uninitialized Pointer", + "cweId": "CWE-824" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Solid Edge SE2023", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions < V223.0 Update 10" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf", + "refsource": "MISC", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-589891.pdf" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" } ] }