From ebc8e588a3f5c72f55c03ef0a9306ed1fa6cf90d Mon Sep 17 00:00:00 2001 From: Siemens ProductCERT Date: Tue, 8 Feb 2022 13:21:36 +0000 Subject: [PATCH] Siemens CVE update for AD-2022-02 --- 2017/12xxx/CVE-2017-12741.json | 28 +++--- 2017/2xxx/CVE-2017-2680.json | 28 +++--- 2017/2xxx/CVE-2017-2681.json | 28 +++--- 2019/10xxx/CVE-2019-10923.json | 28 +++--- 2019/10xxx/CVE-2019-10936.json | 28 +++--- 2019/10xxx/CVE-2019-10942.json | 44 +++++++++- 2019/13xxx/CVE-2019-13933.json | 50 +++++++++-- 2019/13xxx/CVE-2019-13946.json | 90 ++++++++++++++----- 2019/19xxx/CVE-2019-19301.json | 22 ++++- 2019/6xxx/CVE-2019-6568.json | 142 +++++++++++++++++++----------- 2019/6xxx/CVE-2019-6575.json | 36 +------- 2020/28xxx/CVE-2020-28400.json | 152 +++++++++++++++++++++++++++++++-- 2021/37xxx/CVE-2021-37185.json | 115 +++++++++++++++++++++++-- 2021/37xxx/CVE-2021-37186.json | 36 +++++++- 2021/37xxx/CVE-2021-37194.json | 75 ++++++++++++++-- 2021/37xxx/CVE-2021-37195.json | 26 +++++- 2021/37xxx/CVE-2021-37196.json | 36 +++++++- 2021/37xxx/CVE-2021-37197.json | 26 +++++- 2021/37xxx/CVE-2021-37198.json | 26 +++++- 2021/37xxx/CVE-2021-37204.json | 115 +++++++++++++++++++++++-- 2021/37xxx/CVE-2021-37205.json | 115 +++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40358.json | 8 +- 2021/40xxx/CVE-2021-40359.json | 8 +- 2021/40xxx/CVE-2021-40360.json | 125 +++++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40363.json | 135 +++++++++++++++++++++++++++-- 2021/40xxx/CVE-2021-40364.json | 8 +- 2021/44xxx/CVE-2021-44000.json | 115 +++++++++++++++++++++++-- 2021/44xxx/CVE-2021-44016.json | 115 +++++++++++++++++++++++-- 2021/44xxx/CVE-2021-44018.json | 115 +++++++++++++++++++++++-- 2021/45xxx/CVE-2021-45106.json | 55 ++++++++++-- 2021/46xxx/CVE-2021-46151.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46152.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46153.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46154.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46155.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46156.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46157.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46158.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46159.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46160.json | 65 ++++++++++++-- 2021/46xxx/CVE-2021-46161.json | 65 ++++++++++++-- 2022/23xxx/CVE-2022-23102.json | 55 ++++++++++-- 2022/23xxx/CVE-2022-23312.json | 55 ++++++++++-- 43 files changed, 2402 insertions(+), 353 deletions(-) diff --git a/2017/12xxx/CVE-2017-12741.json b/2017/12xxx/CVE-2017-12741.json index 19f67947bdb..704fdae40cb 100644 --- a/2017/12xxx/CVE-2017-12741.json +++ b/2017/12xxx/CVE-2017-12741.json @@ -165,7 +165,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -175,7 +175,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -185,7 +185,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "version": { "version_data": [ { @@ -195,7 +195,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -205,7 +205,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "version": { "version_data": [ { @@ -215,7 +215,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "version": { "version_data": [ { @@ -225,7 +225,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "version": { "version_data": [ { @@ -235,7 +235,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "version": { "version_data": [ { @@ -245,7 +245,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -255,7 +255,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "version": { "version_data": [ { @@ -265,7 +265,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "version": { "version_data": [ { @@ -275,7 +275,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -285,7 +285,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0)", + "product_name": "SIMATIC ET200ecoPN: IO-Link Master", "version": { "version_data": [ { @@ -776,7 +776,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0), SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0), SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-200 SMART, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION D4xx V4.4 for SINAMICS SM150i-2 w. PROFINET (incl. SIPLUS variants), SIMOTION P V4.4 and V4.5, SIMOTION P V5, SINAMICS DCM w. PN, SINAMICS DCP w. PN, SINAMICS G110M w. PN, SINAMICS G120(C/P/D) w. PN (incl. SIPLUS variants), SINAMICS G130 V4.7 w. PN, SINAMICS G130 V4.8 w. PN, SINAMICS G150 V4.7 w. PN, SINAMICS G150 V4.8 w. PN, SINAMICS GH150 V4.7 w. PROFINET, SINAMICS GL150 V4.7 w. PROFINET, SINAMICS GM150 V4.7 w. PROFINET, SINAMICS S110 w. PN, SINAMICS S120 V4.7 SP1 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.7 w. PN (incl. SIPLUS variants), SINAMICS S120 V4.8 w. PN (incl. SIPLUS variants), SINAMICS S120 prior to V4.7 w. PN (incl. SIPLUS variants), SINAMICS S150 V4.7 w. PN, SINAMICS S150 V4.8 w. PN, SINAMICS SL150 V4.7.0 w. PROFINET, SINAMICS SL150 V4.7.4 w. PROFINET, SINAMICS SL150 V4.7.5 w. PROFINET, SINAMICS SM120 V4.7 w. PROFINET, SINAMICS V90 w. PN, SINUMERIK 840D sl, SIRIUS Soft Starter 3RW44 PN. Specially crafted packets sent to port 161/udp could cause a Denial-of-Service condition. The affected devices must be restarted manually." } ] }, diff --git a/2017/2xxx/CVE-2017-2680.json b/2017/2xxx/CVE-2017-2680.json index d0a7bde8326..165ec0e69be 100644 --- a/2017/2xxx/CVE-2017-2680.json +++ b/2017/2xxx/CVE-2017-2680.json @@ -515,7 +515,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -525,7 +525,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -535,7 +535,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "version": { "version_data": [ { @@ -545,7 +545,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -555,7 +555,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "version": { "version_data": [ { @@ -565,7 +565,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "version": { "version_data": [ { @@ -575,7 +575,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "version": { "version_data": [ { @@ -585,7 +585,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "version": { "version_data": [ { @@ -595,7 +595,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -605,7 +605,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "version": { "version_data": [ { @@ -615,7 +615,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "version": { "version_data": [ { @@ -625,7 +625,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -635,7 +635,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0)", + "product_name": "SIMATIC ET200ecoPN: IO-Link Master", "version": { "version_data": [ { @@ -1246,7 +1246,7 @@ "description_data": [ { "lang": "eng", - "value": "Specially crafted PROFINET DCP broadcast packets could cause a Denial-of-Service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected." + "value": "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected." } ] }, diff --git a/2017/2xxx/CVE-2017-2681.json b/2017/2xxx/CVE-2017-2681.json index ea836b32179..a61c1e1e228 100644 --- a/2017/2xxx/CVE-2017-2681.json +++ b/2017/2xxx/CVE-2017-2681.json @@ -435,7 +435,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -445,7 +445,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -455,7 +455,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "version": { "version_data": [ { @@ -465,7 +465,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -475,7 +475,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "version": { "version_data": [ { @@ -485,7 +485,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "version": { "version_data": [ { @@ -495,7 +495,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "version": { "version_data": [ { @@ -505,7 +505,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "version": { "version_data": [ { @@ -515,7 +515,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -525,7 +525,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "version": { "version_data": [ { @@ -535,7 +535,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "version": { "version_data": [ { @@ -545,7 +545,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -555,7 +555,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0)", + "product_name": "SIMATIC ET200ecoPN: IO-Link Master", "version": { "version_data": [ { @@ -1086,7 +1086,7 @@ "description_data": [ { "lang": "eng", - "value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a Denial-of-Service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices." + "value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices." } ] }, diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json index 0a985b41998..2f75cb8f39b 100644 --- a/2019/10xxx/CVE-2019-10923.json +++ b/2019/10xxx/CVE-2019-10923.json @@ -75,7 +75,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -85,7 +85,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -95,7 +95,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "version": { "version_data": [ { @@ -105,7 +105,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -115,7 +115,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "version": { "version_data": [ { @@ -125,7 +125,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "version": { "version_data": [ { @@ -135,7 +135,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "version": { "version_data": [ { @@ -145,7 +145,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "version": { "version_data": [ { @@ -155,7 +155,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -165,7 +165,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "version": { "version_data": [ { @@ -175,7 +175,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "version": { "version_data": [ { @@ -185,7 +185,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -195,7 +195,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0)", + "product_name": "SIMATIC ET200ecoPN: IO-Link Master", "version": { "version_data": [ { @@ -476,7 +476,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0) (All versions), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0) (All versions), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0) (All versions), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0) (All versions), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0) (All versions), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0) (All versions), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0) (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0) (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0) (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0) (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0) (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0) (All versions), SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0) (All versions), SIMATIC ET200pro (All versions), SIMATIC NET CP 1604 (All versions < V2.8), SIMATIC NET CP 1616 (All versions < V2.8), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (All versions), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN: IO-Link Master (All versions), SIMATIC ET200pro (All versions), SIMATIC NET CP 1604 (All versions < V2.8), SIMATIC NET CP 1616 (All versions < V2.8), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a\nDenial-of-Service condition by breaking the real-time synchronization (IRT)\nof the affected installation.\n\nThe security vulnerability could be exploited by an unauthenticated attacker\nwith network access to the affected installation. No user interaction is\nrequired to exploit this security vulnerability. The vulnerability impacts\nthe availability of the affected installations." } ] }, diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json index 2d64b0f0a70..dcd29f8a626 100644 --- a/2019/10xxx/CVE-2019-10936.json +++ b/2019/10xxx/CVE-2019-10936.json @@ -195,7 +195,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -205,7 +205,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -215,7 +215,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "version": { "version_data": [ { @@ -225,7 +225,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -235,7 +235,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "version": { "version_data": [ { @@ -245,7 +245,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "version": { "version_data": [ { @@ -255,7 +255,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "version": { "version_data": [ { @@ -265,7 +265,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "version": { "version_data": [ { @@ -275,7 +275,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -285,7 +285,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "version": { "version_data": [ { @@ -295,7 +295,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "version": { "version_data": [ { @@ -305,7 +305,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -315,7 +315,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0)", + "product_name": "SIMATIC ET200ecoPN: IO-Link Master", "version": { "version_data": [ { @@ -676,7 +676,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0), SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0), SIMATIC ET200pro, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX (F) 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl. Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a denial-of-service condition. The vulnerability can be triggered\nif a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known." } ] }, diff --git a/2019/10xxx/CVE-2019-10942.json b/2019/10xxx/CVE-2019-10942.json index 9a921e162f3..07f33d96393 100644 --- a/2019/10xxx/CVE-2019-10942.json +++ b/2019/10xxx/CVE-2019-10942.json @@ -35,7 +35,47 @@ } }, { - "product_name": "SCALANCE X-200RNA", + "product_name": "SCALANCE X204RNA (HSR)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA (PRP)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA EEC (HSR)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA EEC (PRP)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA EEC (PRP/HSR)", "version": { "version_data": [ { @@ -66,7 +106,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device." + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger\na denial-of-service condition by sending large message packages repeatedly\nto the telnet service.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device." } ] }, diff --git a/2019/13xxx/CVE-2019-13933.json b/2019/13xxx/CVE-2019-13933.json index efe0452797c..2d452720927 100644 --- a/2019/13xxx/CVE-2019-13933.json +++ b/2019/13xxx/CVE-2019-13933.json @@ -11,11 +11,21 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Siemens AG", + "vendor_name": "Siemens", "product": { "product_data": [ { - "product_name": "SCALANCE X-200RNA switch family", + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.3" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA (HSR)", "version": { "version_data": [ { @@ -25,11 +35,41 @@ } }, { - "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", + "product_name": "SCALANCE X204RNA (PRP)", "version": { "version_data": [ { - "version_value": "All versions < V4.1.3" + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA EEC (HSR)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA EEC (PRP)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X204RNA EEC (PRP/HSR)", + "version": { + "version_data": [ + { + "version_value": "All versions" } ] } @@ -56,7 +96,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto violate access-control rules. The vulnerability can be triggered\nby sending GET request to specific uniform resource locator on the\nweb configuration interface of the device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. An attacker could use the vulnerability\nto obtain sensitive information or change the device configuration.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known." } ] }, diff --git a/2019/13xxx/CVE-2019-13946.json b/2019/13xxx/CVE-2019-13946.json index bf8a78c4715..a1d910b1a3d 100644 --- a/2019/13xxx/CVE-2019-13946.json +++ b/2019/13xxx/CVE-2019-13946.json @@ -85,7 +85,7 @@ } }, { - "product_name": "SCALANCE W700 IEEE 802.11n", + "product_name": "SCALANCE W-700 IEEE 802.11n family", "version": { "version_data": [ { @@ -205,7 +205,7 @@ } }, { - "product_name": "SIMATIC CP 343-1 (incl. SIPLUS variants)", + "product_name": "SIMATIC CP 343-1", "version": { "version_data": [ { @@ -215,7 +215,7 @@ } }, { - "product_name": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)", + "product_name": "SIMATIC CP 343-1 Advanced", "version": { "version_data": [ { @@ -235,7 +235,7 @@ } }, { - "product_name": "SIMATIC CP 343-1 Lean (incl. SIPLUS variants)", + "product_name": "SIMATIC CP 343-1 Lean", "version": { "version_data": [ { @@ -245,7 +245,7 @@ } }, { - "product_name": "SIMATIC CP 443-1 (incl. SIPLUS variants)", + "product_name": "SIMATIC CP 443-1", "version": { "version_data": [ { @@ -255,7 +255,7 @@ } }, { - "product_name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)", + "product_name": "SIMATIC CP 443-1 Advanced", "version": { "version_data": [ { @@ -365,7 +365,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -375,7 +375,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -385,7 +385,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "version": { "version_data": [ { @@ -395,7 +395,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -405,7 +405,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "version": { "version_data": [ { @@ -415,7 +415,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "version": { "version_data": [ { @@ -425,7 +425,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "version": { "version_data": [ { @@ -435,7 +435,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "version": { "version_data": [ { @@ -445,7 +445,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "version": { "version_data": [ { @@ -455,7 +455,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "version": { "version_data": [ { @@ -465,7 +465,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "version": { "version_data": [ { @@ -475,7 +475,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0)", + "product_name": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "version": { "version_data": [ { @@ -485,7 +485,7 @@ } }, { - "product_name": "SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0)", + "product_name": "SIMATIC ET200ecoPN: IO-Link Master", "version": { "version_data": [ { @@ -614,6 +614,56 @@ ] } }, + { + "product_name": "SIPLUS NET CP 343-1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIPLUS NET CP 343-1 Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIPLUS NET CP 343-1 Lean", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIPLUS NET CP 443-1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIPLUS NET CP 443-1 Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SOFTNET-IE PNIO", "version": { @@ -646,7 +696,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, PROFINET Driver for Controller, RUGGEDCOM RM1224, SCALANCE M-800, SCALANCE S615, SCALANCE W700 IEEE 802.11n, SCALANCE X-200 switch family (incl. SIPLUS NET variants), SCALANCE X-200IRT (incl. SIPLUS NET variants), SCALANCE X-300 (incl. X408 and SIPLUS NET variants), SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200BA, SCALANCE XM-400, SCALANCE XP-200, SCALANCE XR-300WG, SCALANCE XR-500, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1 (incl. SIPLUS variants), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants), SIMATIC CP 343-1 ERPC, SIMATIC CP 343-1 Lean (incl. SIPLUS variants), SIMATIC CP 443-1 (incl. SIPLUS variants), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants), SIMATIC CP 443-1 OPC UA, SIMATIC ET200AL IM 157-1 PN, SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (6ES7141-6BH00-0AB0), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (6ES7142-6BH00-0AB0), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (6ES7145-6HD00-0AB0), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (6ES7147-6BG00-0AB0), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (6ES7142-6BR00-0AB0), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (6ES7144-6KD50-0AB0), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (6ES7144-6KD00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (6ES7141-6BF00-0AB0), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (6ES7141-6BG00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (6ES7142-6BF50-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (6ES7142-6BF00-0AB0), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (6ES7142-6BG00-0AB0), SIMATIC ET200ecoPN: IO-Link Master (6ES7148-6JA00-0AB0), SIMATIC ET200pro, IM 154-3 PN HF, SIMATIC ET200pro, IM 154-4 PN HF, SIMATIC IPC Support, Package for VxWorks, SIMATIC MV400, SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant), SIMATIC RF180C, SIMATIC RF182C, SIMATIC RF600, SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION P, SINAMICS DCP, SOFTNET-IE PNIO. Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, PROFINET Driver for Controller, RUGGEDCOM RM1224, SCALANCE M-800, SCALANCE S615, SCALANCE W-700 IEEE 802.11n family, SCALANCE X-200 switch family (incl. SIPLUS NET variants), SCALANCE X-200IRT (incl. SIPLUS NET variants), SCALANCE X-300 (incl. X408 and SIPLUS NET variants), SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200BA, SCALANCE XM-400, SCALANCE XP-200, SCALANCE XR-300WG, SCALANCE XR-500, SIMATIC CP 1616 and CP 1604, SIMATIC CP 343-1, SIMATIC CP 343-1 Advanced, SIMATIC CP 343-1 ERPC, SIMATIC CP 343-1 Lean, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET200AL IM 157-1 PN, SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, IM 154-3 PN HF, SIMATIC ET200pro, IM 154-4 PN HF, SIMATIC IPC Support, Package for VxWorks, SIMATIC MV400, SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant), SIMATIC RF180C, SIMATIC RF182C, SIMATIC RF600, SIMOTION C, SIMOTION D (incl. SIPLUS variants), SIMOTION P, SINAMICS DCP, SIPLUS NET CP 343-1, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 343-1 Lean, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SOFTNET-IE PNIO. Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface.\nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device." } ] }, diff --git a/2019/19xxx/CVE-2019-19301.json b/2019/19xxx/CVE-2019-19301.json index 1d5fd4643b2..d3f32ebde4f 100644 --- a/2019/19xxx/CVE-2019-19301.json +++ b/2019/19xxx/CVE-2019-19301.json @@ -44,6 +44,16 @@ ] } }, + { + "product_name": "SIMATIC CP 442-1 RNA", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SIMATIC CP 443-1 (incl. SIPLUS variants)", "version": { @@ -64,6 +74,16 @@ ] } }, + { + "product_name": "SIMATIC CP 443-1 RNA", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SIMATIC RF180C", "version": { @@ -106,7 +126,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service." + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 442-1 RNA (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 RNA (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service." } ] }, diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json index 7fd4704e19c..2f141622bba 100644 --- a/2019/6xxx/CVE-2019-6568.json +++ b/2019/6xxx/CVE-2019-6568.json @@ -24,6 +24,66 @@ ] } }, + { + "product_name": "SIMATIC CP 1604", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 1616", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 343-1 Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 443-1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 443-1 Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC CP 443-1 OPC UA", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "version": { @@ -84,56 +144,6 @@ ] } }, - { - "product_name": "SIMATIC NET CP 1616 and CP 1604", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants)", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC NET CP 443-1 (incl. SIPLUS variants)", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants)", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC NET CP 443-1 OPC UA", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, { "product_name": "SIMATIC RF182C", "version": { @@ -684,6 +694,36 @@ ] } }, + { + "product_name": "SIPLUS NET CP 343-1 Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIPLUS NET CP 443-1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIPLUS NET CP 443-1 Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, { "product_name": "SITOP Manager", "version": { @@ -746,7 +786,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC NET CP 1616 and CP 1604, SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants), SIMATIC NET CP 443-1 (incl. SIPLUS variants), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants), SIMATIC NET CP 443-1 OPC UA, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to\na denial of service condition. An attacker may cause a denial of service\nsituation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device." } ] }, diff --git a/2019/6xxx/CVE-2019-6575.json b/2019/6xxx/CVE-2019-6575.json index c55331e4436..f220bc0969b 100644 --- a/2019/6xxx/CVE-2019-6575.json +++ b/2019/6xxx/CVE-2019-6575.json @@ -11,7 +11,7 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Siemens AG", + "vendor_name": "Siemens", "product": { "product_data": [ { @@ -24,26 +24,6 @@ ] } }, - { - "product_name": "SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants)", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", - "version": { - "version_data": [ - { - "version_value": "All versions < V2.7" - } - ] - } - }, { "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "version": { @@ -84,16 +64,6 @@ ] } }, - { - "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants)", - "version": { - "version_data": [ - { - "version_value": "All versions < V15.1 Upd 4" - } - ] - } - }, { "product_name": "SIMATIC IPC DiagMonitor", "version": { @@ -159,7 +129,7 @@ "version": { "version_data": [ { - "version_value": "All versions < V3.15-P018" + "version_value": "All versions < V3.15 P018" } ] } @@ -236,7 +206,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC CP443-1 OPC UA (incl. SIPLUS NET variants) (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software (All versions >= V7.1 < V16), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp\ncould allow an unauthenticated remote attacker to cause a denial of service\ncondition of the OPC communication or crash the device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the OPC communication." } ] }, diff --git a/2020/28xxx/CVE-2020-28400.json b/2020/28xxx/CVE-2020-28400.json index 540671b2010..bf95f900968 100644 --- a/2020/28xxx/CVE-2020-28400.json +++ b/2020/28xxx/CVE-2020-28400.json @@ -55,7 +55,97 @@ } }, { - "product_name": "SCALANCE M-800", + "product_name": "SCALANCE M804PB", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M812-1 ADSL-Router", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M816-1 ADSL-Router", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M826-2 SHDSL-Router", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M874-2", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M874-3", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M876-3", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M876-3 (ROK)", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M876-4 (EU)", + "version": { + "version_data": [ + { + "version_value": "All Versions < V6.4" + } + ] + } + }, + { + "product_name": "SCALANCE M876-4 (NAM)", "version": { "version_data": [ { @@ -75,7 +165,7 @@ } }, { - "product_name": "SCALANCE W1700 IEEE 802.11ac", + "product_name": "SCALANCE W-1700 IEEE 802.11ac family", "version": { "version_data": [ { @@ -85,7 +175,7 @@ } }, { - "product_name": "SCALANCE W700 IEEE 802.11n", + "product_name": "SCALANCE W-700 IEEE 802.11n family", "version": { "version_data": [ { @@ -725,7 +815,57 @@ } }, { - "product_name": "SIMATIC MV500 family", + "product_name": "SIMATIC MV540 H", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0" + } + ] + } + }, + { + "product_name": "SIMATIC MV540 S", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0" + } + ] + } + }, + { + "product_name": "SIMATIC MV550 H", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0" + } + ] + } + }, + { + "product_name": "SIMATIC MV550 S", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0" + } + ] + } + }, + { + "product_name": "SIMATIC MV560 U", + "version": { + "version_data": [ + { + "version_value": "All versions < V3.0" + } + ] + } + }, + { + "product_name": "SIMATIC MV560 X", "version": { "version_data": [ { @@ -755,7 +895,7 @@ } }, { - "product_name": "SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0)", + "product_name": "SIMATIC Power Line Booster PLB, Base Module", "version": { "version_data": [ { @@ -826,7 +966,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.7), RUGGEDCOM RM1224 (All Versions < V6.4), SCALANCE M-800 (All Versions < V6.4), SCALANCE S615 (All Versions < V6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M PoE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions < V4.3), SCALANCE XC-200 (All versions < V4.3), SCALANCE XF-200BA (All versions < V4.3), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions < V4.3), SCALANCE XR-300WG (All versions < V4.3), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M PoE (All versions), SCALANCE XR324-4M PoE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC CM 1542-1 (All versions < V3.0), SIMATIC CP1616/CP1604 (All Versions >= V2.7), SIMATIC CP1626 (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions < V2.3), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, RUGGEDCOM RM1224, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router, SCALANCE M816-1 ADSL-Router, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3, SCALANCE M876-3 (ROK), SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE S615, SCALANCE W-1700 IEEE 802.11ac family, SCALANCE W-700 IEEE 802.11n family, SCALANCE X200-4 P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2 IRT, SCALANCE X202-2P IRT (incl. SIPLUS NET variant), SCALANCE X202-2P IRT PRO, SCALANCE X204 IRT, SCALANCE X204 IRT PRO, SCALANCE X204-2 (incl. SIPLUS NET variant), SCALANCE X204-2FM, SCALANCE X204-2LD (incl. SIPLUS NET variant), SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X206-1, SCALANCE X206-1LD (incl. SIPLUS NET variant), SCALANCE X208 (incl. SIPLUS NET variant), SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7EEC, SCALANCE X304-2FE, SCALANCE X306-1LDFE, SCALANCE X307-2EEC, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2 (incl. SIPLUS NET variant), SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1FE, SCALANCE X320-3LDFE, SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200BA, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204 IRT, SCALANCE XF204-2 (incl. SIPLUS NET variant), SCALANCE XF204-2BA IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XM400, SCALANCE XP-200, SCALANCE XR-300WG, SCALANCE XR324-12M, SCALANCE XR324-12M TS, SCALANCE XR324-4M EEC, SCALANCE XR324-4M PoE, SCALANCE XR324-4M PoE TS, SCALANCE XR500, SIMATIC CFU PA, SIMATIC CM 1542-1, SIMATIC CP1616/CP1604, SIMATIC CP1626, SIMATIC IE/PB-LINK V3, SIMATIC MV540 H, SIMATIC MV540 S, SIMATIC MV550 H, SIMATIC MV550 S, SIMATIC MV560 U, SIMATIC MV560 X, SIMATIC NET DK-16xx PN IO, SIMATIC PROFINET Driver, SIMATIC Power Line Booster PLB, Base Module, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMOCODE proV Ethernet/IP, SIMOCODE proV PROFINET, SOFTNET-IE PNIO. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device." } ] }, diff --git a/2021/37xxx/CVE-2021-37185.json b/2021/37xxx/CVE-2021-37185.json index e346b0bff3e..65b9b5c73e3 100644 --- a/2021/37xxx/CVE-2021-37185.json +++ b/2021/37xxx/CVE-2021-37185.json @@ -1,17 +1,120 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-37185", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-37185", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC Drive Controller family", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.9.4" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V4.5.0 < V4.5.2" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.9.2 < V2.9.4" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-PLCSIM Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-672: Operation on a Resource after Expiration or Release" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37186.json b/2021/37xxx/CVE-2021-37186.json index 3f84e84aecb..caabcf7bdfd 100644 --- a/2021/37xxx/CVE-2021-37186.json +++ b/2021/37xxx/CVE-2021-37186.json @@ -35,11 +35,41 @@ } }, { - "product_name": "SIMATIC RTU 3000 family", + "product_name": "SIMATIC RTU3010C", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.0.9" + } + ] + } + }, + { + "product_name": "SIMATIC RTU3030C", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.0.9" + } + ] + } + }, + { + "product_name": "SIMATIC RTU3031C", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.0.9" + } + ] + } + }, + { + "product_name": "SIMATIC RTU3041C", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.0.9" } ] } @@ -66,7 +96,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU 3000 family (All versions). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information." + "value": "A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information." } ] }, diff --git a/2021/37xxx/CVE-2021-37194.json b/2021/37xxx/CVE-2021-37194.json index 0f5b32aff40..09eb34b57ca 100644 --- a/2021/37xxx/CVE-2021-37194.json +++ b/2021/37xxx/CVE-2021-37194.json @@ -1,17 +1,80 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-37194", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-37194", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "COMOS V10.2", + "version": { + "version_data": [ + { + "version_value": "All versions only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.3.3.2.14 only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.4", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.4.1 only if web components are used" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434: Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37195.json b/2021/37xxx/CVE-2021-37195.json index 194b90a8d46..3ad70ab2025 100644 --- a/2021/37xxx/CVE-2021-37195.json +++ b/2021/37xxx/CVE-2021-37195.json @@ -15,11 +15,31 @@ "product": { "product_data": [ { - "product_name": "COMOS", + "product_name": "COMOS V10.2", "version": { "version_data": [ { - "version_value": "All versions < V10.4.1" + "version_value": "All versions only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.3.3.2.14 only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.4", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.4.1 only if web components are used" } ] } @@ -46,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment." + "value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment." } ] }, diff --git a/2021/37xxx/CVE-2021-37196.json b/2021/37xxx/CVE-2021-37196.json index 8c2f46e9974..162649c1b0a 100644 --- a/2021/37xxx/CVE-2021-37196.json +++ b/2021/37xxx/CVE-2021-37196.json @@ -15,11 +15,41 @@ "product": { "product_data": [ { - "product_name": "COMOS", + "product_name": "COMOS V10.2", "version": { "version_data": [ { - "version_value": "All versions < V10.4.1" + "version_value": "All versions only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.3.3.2.14 only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_value": "All versions >= V10.3.3.2.14 only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.4", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.4.1 only if web components are used" } ] } @@ -46,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice." + "value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice." } ] }, diff --git a/2021/37xxx/CVE-2021-37197.json b/2021/37xxx/CVE-2021-37197.json index 9fbee5a60db..6fd23bfff19 100644 --- a/2021/37xxx/CVE-2021-37197.json +++ b/2021/37xxx/CVE-2021-37197.json @@ -15,11 +15,31 @@ "product": { "product_data": [ { - "product_name": "COMOS", + "product_name": "COMOS V10.2", "version": { "version_data": [ { - "version_value": "All versions < V10.4.1" + "version_value": "All versions only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.3.3.2.14 only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.4", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.4.1 only if web components are used" } ] } @@ -46,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements." + "value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements." } ] }, diff --git a/2021/37xxx/CVE-2021-37198.json b/2021/37xxx/CVE-2021-37198.json index 235d0ff37b1..6bcc4591e0f 100644 --- a/2021/37xxx/CVE-2021-37198.json +++ b/2021/37xxx/CVE-2021-37198.json @@ -15,11 +15,31 @@ "product": { "product_data": [ { - "product_name": "COMOS", + "product_name": "COMOS V10.2", "version": { "version_data": [ { - "version_value": "All versions < V10.4.1" + "version_value": "All versions only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.3.3.2.14 only if web components are used" + } + ] + } + }, + { + "product_name": "COMOS V10.4", + "version": { + "version_data": [ + { + "version_value": "All versions < V10.4.1 only if web components are used" } ] } @@ -46,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks." + "value": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks." } ] }, diff --git a/2021/37xxx/CVE-2021-37204.json b/2021/37xxx/CVE-2021-37204.json index 78feebc3d4a..7927b3410e4 100644 --- a/2021/37xxx/CVE-2021-37204.json +++ b/2021/37xxx/CVE-2021-37204.json @@ -1,17 +1,120 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-37204", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-37204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC Drive Controller family", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.9.4" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V4.5.0 < V4.5.2" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.9.2 < V2.9.4" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-PLCSIM Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-672: Operation on a Resource after Expiration or Release" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf" } ] } diff --git a/2021/37xxx/CVE-2021-37205.json b/2021/37xxx/CVE-2021-37205.json index 79ddcdcf697..3b77654ced3 100644 --- a/2021/37xxx/CVE-2021-37205.json +++ b/2021/37xxx/CVE-2021-37205.json @@ -1,17 +1,120 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-37205", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-37205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC Drive Controller family", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.9.4" + } + ] + } + }, + { + "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V4.5.0 < V4.5.2" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.9.2 < V2.9.4" + } + ] + } + }, + { + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-PLCSIM Advanced", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TIM 1531 IRC (incl. SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions >= V2.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401: Missing Release of Memory after Effective Lifetime" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf" } ] } diff --git a/2021/40xxx/CVE-2021-40358.json b/2021/40xxx/CVE-2021-40358.json index 4a2ef5ccc3d..e91d34d4a1a 100644 --- a/2021/40xxx/CVE-2021-40358.json +++ b/2021/40xxx/CVE-2021-40358.json @@ -39,7 +39,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V9.1 SP1" } ] } @@ -59,7 +59,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V16 Update 5" } ] } @@ -69,7 +69,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V17 Update 2" } ] } @@ -116,7 +116,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files." } ] }, diff --git a/2021/40xxx/CVE-2021-40359.json b/2021/40xxx/CVE-2021-40359.json index a9437a43ae2..8f6d03b5d99 100644 --- a/2021/40xxx/CVE-2021-40359.json +++ b/2021/40xxx/CVE-2021-40359.json @@ -39,7 +39,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V9.1 SP1" } ] } @@ -59,7 +59,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V16 Update 5" } ] } @@ -69,7 +69,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V17 Update 2" } ] } @@ -116,7 +116,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files." } ] }, diff --git a/2021/40xxx/CVE-2021-40360.json b/2021/40xxx/CVE-2021-40360.json index d3548b6ed88..75e13aaccde 100644 --- a/2021/40xxx/CVE-2021-40360.json +++ b/2021/40xxx/CVE-2021-40360.json @@ -1,17 +1,130 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-40360", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-40360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC PCS 7 V8.2 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.1", + "version": { + "version_data": [ + { + "version_value": "All versions < V9.1 SP1" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V15 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V16", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 5" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_value": "All versions < V17 Update 2" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.4 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.5", + "version": { + "version_data": [ + { + "version_value": "All versions < V7.5 SP2 Update 6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf" } ] } diff --git a/2021/40xxx/CVE-2021-40363.json b/2021/40xxx/CVE-2021-40363.json index 3170a9d4ca5..39b8407546a 100644 --- a/2021/40xxx/CVE-2021-40363.json +++ b/2021/40xxx/CVE-2021-40363.json @@ -1,17 +1,140 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-40363", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-40363", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SIMATIC PCS 7 V8.2 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.0", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC PCS 7 V9.1", + "version": { + "version_data": [ + { + "version_value": "All versions < V9.1 SP1" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V15 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V16", + "version": { + "version_data": [ + { + "version_value": "All versions < V16 Update 5" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_value": "All versions < V17 Update 2" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V17", + "version": { + "version_data": [ + { + "version_value": "All versions >= V17 Update 2" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.4 and earlier", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC WinCC V7.5", + "version": { + "version_data": [ + { + "version_value": "All versions < V7.5 SP2 Update 6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf" } ] } diff --git a/2021/40xxx/CVE-2021-40364.json b/2021/40xxx/CVE-2021-40364.json index a8c7fb3d11e..ea87b367d59 100644 --- a/2021/40xxx/CVE-2021-40364.json +++ b/2021/40xxx/CVE-2021-40364.json @@ -39,7 +39,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V9.1 SP1" } ] } @@ -59,7 +59,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V16 Update 5" } ] } @@ -69,7 +69,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V17 Update 2" } ] } @@ -116,7 +116,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system." } ] }, diff --git a/2021/44xxx/CVE-2021-44000.json b/2021/44xxx/CVE-2021-44000.json index 20ea50b542d..905c8f33787 100644 --- a/2021/44xxx/CVE-2021-44000.json +++ b/2021/44xxx/CVE-2021-44000.json @@ -1,17 +1,120 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-44000", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-44000", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "JT2Go", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Solid Edge SE2021", + "version": { + "version_data": [ + { + "version_value": "All versions < SE2021MP9" + } + ] + } + }, + { + "product_name": "Solid Edge SE2022", + "version": { + "version_data": [ + { + "version_value": "All versions < SE2022MP1" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V12.4", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V13.3.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" } ] } diff --git a/2021/44xxx/CVE-2021-44016.json b/2021/44xxx/CVE-2021-44016.json index 78ebcd4d930..3ffb4a7ea83 100644 --- a/2021/44xxx/CVE-2021-44016.json +++ b/2021/44xxx/CVE-2021-44016.json @@ -1,17 +1,120 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-44016", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-44016", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "JT2Go", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Solid Edge SE2021", + "version": { + "version_data": [ + { + "version_value": "All versions < SE2021MP9" + } + ] + } + }, + { + "product_name": "Solid Edge SE2022", + "version": { + "version_data": [ + { + "version_value": "All versions < SE2022MP1" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V12.4", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V13.3.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" } ] } diff --git a/2021/44xxx/CVE-2021-44018.json b/2021/44xxx/CVE-2021-44018.json index 34aca163dd7..7118b85f1d5 100644 --- a/2021/44xxx/CVE-2021-44018.json +++ b/2021/44xxx/CVE-2021-44018.json @@ -1,17 +1,120 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-44018", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-44018", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "JT2Go", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Solid Edge SE2021", + "version": { + "version_data": [ + { + "version_value": "All versions < SE2021MP9" + } + ] + } + }, + { + "product_name": "Solid Edge SE2022", + "version": { + "version_data": [ + { + "version_value": "All versions < SE2022MP1" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V12.4", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Teamcenter Visualization V13.3", + "version": { + "version_data": [ + { + "version_value": "All versions < V13.3.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf" } ] } diff --git a/2021/45xxx/CVE-2021-45106.json b/2021/45xxx/CVE-2021-45106.json index daf8beb37c5..b05e8fb32a4 100644 --- a/2021/45xxx/CVE-2021-45106.json +++ b/2021/45xxx/CVE-2021-45106.json @@ -1,17 +1,60 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-45106", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-45106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SICAM TOOLBOX II", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798: Use of Hard-coded Credentials" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669737.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46151.json b/2021/46xxx/CVE-2021-46151.json index a5e17e1609e..940077334c8 100644 --- a/2021/46xxx/CVE-2021-46151.json +++ b/2021/46xxx/CVE-2021-46151.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46151", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46151", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46152.json b/2021/46xxx/CVE-2021-46152.json index b331196aaf5..df1fbb56752 100644 --- a/2021/46xxx/CVE-2021-46152.json +++ b/2021/46xxx/CVE-2021-46152.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46152", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46152", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46153.json b/2021/46xxx/CVE-2021-46153.json index 7fcb17900c6..05a4c14f085 100644 --- a/2021/46xxx/CVE-2021-46153.json +++ b/2021/46xxx/CVE-2021-46153.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46153", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46154.json b/2021/46xxx/CVE-2021-46154.json index 1c2416bf2b7..4d9731c705e 100644 --- a/2021/46xxx/CVE-2021-46154.json +++ b/2021/46xxx/CVE-2021-46154.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46154", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46154", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46155.json b/2021/46xxx/CVE-2021-46155.json index 2c18568c803..667ee9ed57a 100644 --- a/2021/46xxx/CVE-2021-46155.json +++ b/2021/46xxx/CVE-2021-46155.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46155", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46156.json b/2021/46xxx/CVE-2021-46156.json index 105a117f435..6125a3c000a 100644 --- a/2021/46xxx/CVE-2021-46156.json +++ b/2021/46xxx/CVE-2021-46156.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46156", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46156", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46157.json b/2021/46xxx/CVE-2021-46157.json index ce9b36341e0..3e830d46668 100644 --- a/2021/46xxx/CVE-2021-46157.json +++ b/2021/46xxx/CVE-2021-46157.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46157", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46158.json b/2021/46xxx/CVE-2021-46158.json index 9543c9c3630..11e7977593b 100644 --- a/2021/46xxx/CVE-2021-46158.json +++ b/2021/46xxx/CVE-2021-46158.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46158", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46159.json b/2021/46xxx/CVE-2021-46159.json index 20210b96568..b7b18da25f2 100644 --- a/2021/46xxx/CVE-2021-46159.json +++ b/2021/46xxx/CVE-2021-46159.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46159", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46159", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46160.json b/2021/46xxx/CVE-2021-46160.json index cb1b8f8a053..14d5c3e708e 100644 --- a/2021/46xxx/CVE-2021-46160.json +++ b/2021/46xxx/CVE-2021-46160.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46160", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46160", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2021/46xxx/CVE-2021-46161.json b/2021/46xxx/CVE-2021-46161.json index 19b923ab8a4..9f349b6375e 100644 --- a/2021/46xxx/CVE-2021-46161.json +++ b/2021/46xxx/CVE-2021-46161.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2021-46161", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2021-46161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Simcenter Femap V2020.2", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Simcenter Femap V2021.1", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302)" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf" } ] } diff --git a/2022/23xxx/CVE-2022-23102.json b/2022/23xxx/CVE-2022-23102.json index fda3d8953ff..ebd9bd4c38b 100644 --- a/2022/23xxx/CVE-2022-23102.json +++ b/2022/23xxx/CVE-2022-23102.json @@ -1,17 +1,60 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2022-23102", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-23102", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "SINEMA Remote Connect Server", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability.\n\nAn attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf" } ] } diff --git a/2022/23xxx/CVE-2022-23312.json b/2022/23xxx/CVE-2022-23312.json index 765da692b57..c71b7354f8c 100644 --- a/2022/23xxx/CVE-2022-23312.json +++ b/2022/23xxx/CVE-2022-23312.json @@ -1,17 +1,60 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2022-23312", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-23312", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens", + "product": { + "product_data": [ + { + "product_name": "Spectrum Power 4", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.70 SP9 Security Patch 1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application \"Online Help\" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-831168.pdf" } ] }