admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#2429

Browse Source 
Auto-merge PR#2429
This commit is contained in:
CVE Team 2019-08-13 15:00:25 -04:00 committed by GitHub
commit f05e19bad7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 740 additions and 378 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
2019/10xxx/CVE-2019-10916.json
View File

@ -8,133 +8,132 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product" : {
"product_data" : [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.4 SP1 Upd 11"
"version_value" : "All versions < V7.4 SP1 Upd 11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.5 Upd 3"
"version_value" : "All versions < V7.5 Upd 3"
}
]
}
}
]
} ]
}
}
]
@ -153,11 +152,10 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -165,8 +163,9 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server.\n\nThe vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

119
2019/10xxx/CVE-2019-10917.json
View File

@ -8,133 +8,132 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product" : {
"product_data" : [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.4 SP1 Upd 11"
"version_value" : "All versions < V7.4 SP1 Upd 11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.5 Upd 3"
"version_value" : "All versions < V7.5 Upd 3"
}
]
}
}
]
} ]
}
}
]
@ -153,11 +152,10 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -165,8 +163,9 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded.\n\nSuccessful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

119
2019/10xxx/CVE-2019-10918.json
View File

@ -8,133 +8,132 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product" : {
"product_data" : [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.4 SP1 Upd 11"
"version_value" : "All versions < V7.4 SP1 Upd 11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.5 Upd 3"
"version_value" : "All versions < V7.5 Upd 3"
}
]
}
}
]
} ]
}
}
]
@ -153,11 +152,10 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
}
]
},
@ -165,8 +163,9 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions), SIMATIC WinCC (TIA Portal) V15 (All versions), SIMATIC WinCC Runtime Professional (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticatd attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges.\n\nThe vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

107
2019/10xxx/CVE-2019-10927.json
View File

@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10927",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product_name": "SCALANCE SC-600",
"version" : {
"version_data" : [
{
"version_value" : "V2.0"
}
]
}
},
{
"product_name": "SCALANCE XB-200",
"version" : {
"version_data" : [
{
"version_value" : "V4.1"
}
]
}
},
{
"product_name": "SCALANCE XC-200",
"version" : {
"version_data" : [
{
"version_value" : "V4.1"
}
]
}
},
{
"product_name": "SCALANCE XF-200BA",
"version" : {
"version_data" : [
{
"version_value" : "V4.1"
}
]
}
},
{
"product_name": "SCALANCE XP-200",
"version" : {
"version_data" : [
{
"version_value" : "V4.1"
}
]
}
},
{
"product_name": "SCALANCE XR-300WG",
"version" : {
"version_data" : [
{
"version_value" : "V4.1"
}
]
}
} ]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition.\n\nThe security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device."
}
]
}
}
}

57
2019/10xxx/CVE-2019-10928.json
View File

@ -1,18 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10928",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product_name": "SCALANCE SC-600",
"version" : {
"version_data" : [
{
"version_value" : "V2.0"
}
]
}
} ]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands.\n\nThe security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device."
}
]
}
}
}

106
2019/10xxx/CVE-2019-10929.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10929",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family",
"version" : {
"version_data" : [
{
"version_value" : "All versions >= V4.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
} ]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp, due to certain properties in the calculation used for integrity protection.\n\nIn order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication.\n\nNo public exploitation of the vulnerability was known at the time of advisory publication."
}
]
}
}
}

53
2019/10xxx/CVE-2019-10930.json
View File

@ -8,53 +8,52 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product" : {
"product_data" : [
{
"product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.90"
"version_value" : "All versions < V7.90"
}
]
}
},
{
{
"product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "DIGSI 5 engineering software",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.90"
"version_value" : "All versions < V7.90"
}
]
}
}
]
} ]
}
}
]
@ -73,11 +72,10 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
]
},
@ -89,4 +87,5 @@
}
]
}
}
}

53
2019/10xxx/CVE-2019-10931.json
View File

@ -8,53 +8,52 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product" : {
"product_data" : [
{
"product_name": "SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.90"
"version_value" : "All versions < V7.90"
}
]
}
},
{
{
"product_name": "All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "DIGSI 5 engineering software",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.90"
"version_value" : "All versions < V7.90"
}
]
}
}
]
} ]
}
}
]
@ -73,11 +72,10 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
}
]
},
@ -89,4 +87,5 @@
}
]
}
}
}

55
2019/10xxx/CVE-2019-10933.json
View File

@ -8,53 +8,52 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product" : {
"product_data" : [
{
"product_name": "Spectrum Power 3 (Corporate User Interface)",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions <= v3.11"
"version_value" : "All versions <= v3.11"
}
]
}
},
{
{
"product_name": "Spectrum Power 4 (Corporate User Interface)",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "Version v4.75"
"version_value" : "Version v4.75"
}
]
}
},
{
{
"product_name": "Spectrum Power 5 (Corporate User Interface)",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions <= v5.50"
"version_value" : "All versions < v5.50"
}
]
}
},
{
{
"product_name": "Spectrum Power 7 (Corporate User Interface)",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions <= v2.20"
"version_value" : "All versions <= v2.20"
}
]
}
}
]
} ]
}
}
]
@ -73,11 +72,10 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"
}
]
},
@ -85,8 +83,9 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions <= v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known."
"value": "A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.\n\nUser interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.\n\nAt the stage of publishing this security advisory no public exploitation is known."
}
]
}
}
}

146
2019/10xxx/CVE-2019-10935.json
View File

@ -8,153 +8,152 @@
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor": {
"vendor_data": [
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product" : {
"product_data" : [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V8.1 with WinCC V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11"
}
]
}
},
{
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
"version_value" : "All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Professional (TIA Portal V13)",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Professional (TIA Portal V14)",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Professional (TIA Portal V15)",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional V13",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional V14",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V14 SP1 Upd 8"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC Runtime Professional V15",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions"
"version_value" : "All versions < V7.3 Upd 19"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.4 SP1 Upd 11"
"version_value" : "All versions < V7.4 SP1 Upd 11"
}
]
}
},
{
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
"version" : {
"version_data" : [
{
"version_value": "All versions < V7.5 Upd 3"
"version_value" : "All versions < V7.5 Upd 3"
}
]
}
}
]
} ]
}
}
]
@ -173,26 +172,10 @@
]
},
"references": {
"reference_data": [
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
},
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"
},
{
"refsource": "BID",
"name": "109127",
"url": "http://www.securityfocus.com/bid/109127"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-192-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-192-02"
}
]
},
@ -200,8 +183,9 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions), SIMATIC WinCC Professional (TIA Portal V15) (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code. The security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd 11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC Professional (TIA Portal V13) (All versions), SIMATIC WinCC Professional (TIA Portal V14) (All versions), SIMATIC WinCC Professional (TIA Portal V15) (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). The SIMATIC WinCC DataMonitor web application of the affected products allows to upload arbitrary ASPX code.\n\nThe security vulnerability could be exploited by an authenticated attacker with network access to the WinCC DataMonitor application. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device.\n\nAt the stage of publishing this security advisory no public exploitation is known."
}
]
}
}
}

77
2019/10xxx/CVE-2019-10942.json
View File

@ -1,18 +1,81 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10942",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product_name": "SCALANCE X-200",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SCALANCE X-200RNA",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
} ]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-410: Insufficient Resource Pool"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SCALANCE X-200 (All versions), SCALANCE X-200IRT (All versions), SCALANCE X-200RNA (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service.\n\nThe security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
}
}
}

107
2019/10xxx/CVE-2019-10943.json
View File

@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10943",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"affects": {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "Siemens AG",
"product" : {
"product_data" : [
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family",
"version" : {
"version_data" : [
{
"version_value" : "All versions >= V4.0"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-PLCSIM Advanced",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
} ]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-353: Missing Support for Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device.\n\nAn attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.\n\nNo public exploitation of the vulnerability was known at the time of advisory publication."
}
]
}
}
}