mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-07 19:17:10 +00:00
add one CVE, update 10 CVEs
This commit is contained in:
Jochen Becker
parent
6a14b05a10
commit
e3a4ffe566
@ -141,7 +141,7 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
@ -165,7 +165,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
@ -165,7 +165,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
@ -165,7 +165,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
@ -165,7 +165,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
@ -165,7 +165,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
@ -165,7 +165,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
@ -165,7 +165,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
||||
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -24,7 +24,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 Security Enhanced",
|
||||
"product_name": "UWP 3.0 Monitoring Gateway and Controller – Security Enhanced",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -36,7 +36,7 @@
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "UWP 3.0 Monitoring Gateway and Controller \u2013 EDP version",
|
||||
"product_name": "UWP 3.0 Monitoring Gateway and Controller – EDP version",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
@ -84,21 +84,21 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "LOW",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
|
||||
@ -44,12 +44,12 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device with with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot."
|
||||
"value": "On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
|
||||
@ -127,21 +127,21 @@
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.0.9"
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "REQUIRED",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
|
||||
@ -1,18 +1,97 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "info@cert.vde.com",
|
||||
"DATE_PUBLIC": "2022-11-01T11:00:00.000Z",
|
||||
"ID": "CVE-2022-3575",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Diagnostic System FDS102",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_name": "v2.8.0",
|
||||
"version_value": "v2.9.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Frauscher Sensortechnik"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "vulnogram 0.1.0-rc1"
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.frauscher.com/en/psirt",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.frauscher.com/en/psirt"
|
||||
}
|
||||
]
|
||||
},
|
||||
"solution": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Update to v2.9.2 or higher."
|
||||
}
|
||||
],
|
||||
"source": {
|
||||
"defect": [
|
||||
"CERT@VDE#64262"
|
||||
],
|
||||
"discovery": "INTERNAL"
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user