admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-08-09 07:00:33 +00:00
parent 675eda347e
commit f3b3191cca
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 1652 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
2022/47xxx/CVE-2022-47185.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-47185",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Traffic Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "9.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Katsutoshi Ikenoya"
}
]
}

78
2023/26xxx/CVE-2023-26310.json
View File

@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@oppo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There is a command injection problem in the old version of the mobile phone backup app.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
"cweId": "CWE-88"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OPPO",
"product": {
"product_data": [
{
"product_name": "OPPO Find X3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "ColorOS 12.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632",
"refsource": "MISC",
"name": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1684402464721477632"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

69
2023/33xxx/CVE-2023-33934.json
View File

@ -1,18 +1,77 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.\n\n"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Traffic Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "9.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, Harvey Tuch"
}
]
}

149
2023/37xxx/CVE-2023-37855.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"cweId": "CWE-610"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37856.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"cweId": "CWE-610"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37857.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37857",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37858.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37859.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37859",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37860.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37860",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37861.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37862.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37863.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37863",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10\u00a0a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

149
2023/37xxx/CVE-2023-37864.json
View File

@ -1,17 +1,158 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37864",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@cert.vde.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges\u00a0may use an a special SNMP request to gain full access to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check",
"cweId": "CWE-494"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHOENIX CONTACT",
"product": {
"product_data": [
{
"product_name": "WP 6070-WVPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6101-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6121-WXPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6156-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6185-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
},
{
"product_name": "WP 6215-WHPS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.0.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-018/",
"refsource": "MISC",
"name": "https://cert.vde.com/en/advisories/VDE-2023-018/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "VDE-2023-018",
"defect": [
"CERT@VDE#64468"
],
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Gabriele Quagliarella from Nozomi Networks Labs"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}