From f3b3a2595611f74cd6de7014e6fac91b69dc3644 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 5 Jan 2023 22:00:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2014/125xxx/CVE-2014-125045.json | 106 ++++++++++++++++++ 2021/40xxx/CVE-2021-40341.json | 177 ++++++++++++++++++++++++++++++- 2021/40xxx/CVE-2021-40342.json | 177 ++++++++++++++++++++++++++++++- 2021/41xxx/CVE-2021-41006.json | 8 +- 2021/41xxx/CVE-2021-41007.json | 8 +- 2021/41xxx/CVE-2021-41008.json | 8 +- 2021/41xxx/CVE-2021-41009.json | 8 +- 2021/41xxx/CVE-2021-41010.json | 8 +- 2022/3xxx/CVE-2022-3927.json | 177 ++++++++++++++++++++++++++++++- 2022/3xxx/CVE-2022-3928.json | 177 ++++++++++++++++++++++++++++++- 2022/3xxx/CVE-2022-3929.json | 177 ++++++++++++++++++++++++++++++- 2023/0xxx/CVE-2023-0093.json | 18 ++++ 12 files changed, 1009 insertions(+), 40 deletions(-) create mode 100644 2014/125xxx/CVE-2014-125045.json create mode 100644 2023/0xxx/CVE-2023-0093.json diff --git a/2014/125xxx/CVE-2014-125045.json b/2014/125xxx/CVE-2014-125045.json new file mode 100644 index 00000000000..8a4c84248ee --- /dev/null +++ b/2014/125xxx/CVE-2014-125045.json @@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2014-125045", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The name of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In meol1 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion GetAnimal der Datei opdracht4/index.php. Dank der Manipulation des Arguments where mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Patch wird als 82441e413f87920d1e8f866e8ef9d7f353a7c583 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "meol1", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217525", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217525" + }, + { + "url": "https://vuldb.com/?ctiid.217525", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217525" + }, + { + "url": "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583", + "refsource": "MISC", + "name": "https://github.com/Miesvanderlippe/meol1/commit/82441e413f87920d1e8f866e8ef9d7f353a7c583" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2021/40xxx/CVE-2021-40341.json b/2021/40xxx/CVE-2021-40341.json index 5bb426b5d09..64d8549d64b 100644 --- a/2021/40xxx/CVE-2021-40341.json +++ b/2021/40xxx/CVE-2021-40341.json @@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40341", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326 Inadequate Encryption Strength", + "cweId": "CWE-326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "=" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n

For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n

For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory
" + } + ], + "value": "\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication.\u00a0\n * Embedded FOXCST with RADIUS authentication should be avoided.\u00a0\n * Database contains credentials with weak encryption.\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "K-Businessom AG, Austria" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2021/40xxx/CVE-2021-40342.json b/2021/40xxx/CVE-2021-40342.json index 664da61ab94..2fe3c8c096e 100644 --- a/2021/40xxx/CVE-2021-40342.json +++ b/2021/40xxx/CVE-2021-40342.json @@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-40342", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "=" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n

For immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n

For immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory
" + } + ], + "value": "\n\n\nThe vulnerabilities are partially remediated in FOXMAN-UN R16A or UNEM R16A, the full remediation will be done in the upcoming release (planned).\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R16A or UNEM R16A,\nplease refer to the \n\nDatabase contains credentials with weak encryption\n\nclause of section Mitigation Factors/Workarounds\nin the respective products' advisory.\n\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication. \n * Embedded FOXCST with RADIUS authentication should be avoided. \n * Database contains credentials with weak encryption.\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "K-Businessom AG, Austria" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2021/41xxx/CVE-2021-41006.json b/2021/41xxx/CVE-2021-41006.json index afffa7153ed..d25b768ce35 100644 --- a/2021/41xxx/CVE-2021-41006.json +++ b/2021/41xxx/CVE-2021-41006.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41006", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41007.json b/2021/41xxx/CVE-2021-41007.json index 93ca24e752a..b9e5d2ad1b2 100644 --- a/2021/41xxx/CVE-2021-41007.json +++ b/2021/41xxx/CVE-2021-41007.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41008.json b/2021/41xxx/CVE-2021-41008.json index 6de43d24a70..10917dca960 100644 --- a/2021/41xxx/CVE-2021-41008.json +++ b/2021/41xxx/CVE-2021-41008.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41008", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41009.json b/2021/41xxx/CVE-2021-41009.json index 40a7b4ffddd..59cddfb7943 100644 --- a/2021/41xxx/CVE-2021-41009.json +++ b/2021/41xxx/CVE-2021-41009.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41009", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2021/41xxx/CVE-2021-41010.json b/2021/41xxx/CVE-2021-41010.json index b3916dfff76..2fb353ed00c 100644 --- a/2021/41xxx/CVE-2021-41010.json +++ b/2021/41xxx/CVE-2021-41010.json @@ -1,17 +1,17 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-41010", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CVE was unused by HPE." } ] } diff --git a/2022/3xxx/CVE-2022-3927.json b/2022/3xxx/CVE-2022-3927.json index 193baf24b46..5e46d19400f 100644 --- a/2022/3xxx/CVE-2022-3927.json +++ b/2022/3xxx/CVE-2022-3927.json @@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "!" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "!" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "For immediate recommended mitigation action if using FOXMAN-UN R15B and earlier OR UNEM R15B and earlier, follow the recommended security practices as described in section Mitigation Factors/Workarounds in the respective products' advisory." + } + ], + "value": "For immediate recommended mitigation action if using FOXMAN-UN R15B and earlier OR UNEM R15B\u00a0and earlier, follow the recommended security practices as described in section\u00a0Mitigation Factors/Workarounds in the respective products' advisory." + } + ], + "credits": [ + { + "lang": "en", + "value": "K-Businessom AG, Austria" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3928.json b/2022/3xxx/CVE-2022-3928.json index f57945dcd47..86a60c482e3 100644 --- a/2022/3xxx/CVE-2022-3928.json +++ b/2022/3xxx/CVE-2022-3928.json @@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "!" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "!" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory
\n\n" + } + ], + "value": "\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "K-Businessom AG, Austria" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/3xxx/CVE-2022-3929.json b/2022/3xxx/CVE-2022-3929.json index cc7b8fec5d2..d2454170181 100644 --- a/2022/3xxx/CVE-2022-3929.json +++ b/2022/3xxx/CVE-2022-3929.json @@ -1,17 +1,186 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@hitachienergy.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319 Cleartext Transmission of Sensitive Information", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hitachi Energy", + "product": { + "product_data": [ + { + "product_name": "FOXMAN-UN", + "version": { + "version_data": [ + { + "version_value": "FOXMAN-UN R16A", + "version_affected": "!" + }, + { + "version_value": "FOXMAN-UN R15B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R15A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R14A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11B", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R11A", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R10C", + "version_affected": "=" + }, + { + "version_value": "FOXMAN-UN R9C", + "version_affected": "=" + } + ] + } + }, + { + "product_name": "UNEM", + "version": { + "version_data": [ + { + "version_value": "UNEM R16A", + "version_affected": "!" + }, + { + "version_value": "UNEM R15B", + "version_affected": "=" + }, + { + "version_value": "UNEM R15A", + "version_affected": "=" + }, + { + "version_value": "UNEM R14B", + "version_affected": "=" + }, + { + "version_value": "UNEM R14A", + "version_affected": "=" + }, + { + "version_value": "UNEM R11B", + "version_affected": "=" + }, + { + "version_value": "UNEM R11A", + "version_affected": "=" + }, + { + "version_value": "UNEM R10C", + "version_affected": "=" + }, + { + "version_value": "UNEM R9C", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory
\n\n" + } + ], + "value": "\nFor immediate recommended mitigation actions if using FOXMAN-UN R15B or UNEM R15B and earlier, please refer to the multiple clauses of section Mitigation Factors/Workarounds in the advisory\n * Secure the NMS CLIENT/SERVER communication.\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "K-Businessom AG, Austria" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/0xxx/CVE-2023-0093.json b/2023/0xxx/CVE-2023-0093.json new file mode 100644 index 00000000000..0a6f7e5f61f --- /dev/null +++ b/2023/0xxx/CVE-2023-0093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file