From fbc45d3cc879abf425eb4ed3203e03b5d824bebb Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 27 Jun 2022 17:00:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2013/2xxx/CVE-2013-2180.json | 55 ++------------------
 2013/2xxx/CVE-2013-2216.json | 14 +++---
 2017/20xxx/CVE-2017-20121.json | 18 +++++++
 2021/33xxx/CVE-2021-33647.json | 50 ++++++++++++++++--
 2021/33xxx/CVE-2021-33648.json | 50 ++++++++++++++++--
 2021/33xxx/CVE-2021-33649.json | 50 ++++++++++++++++--
 2021/33xxx/CVE-2021-33650.json | 50 ++++++++++++++++--
 2021/33xxx/CVE-2021-33651.json | 50 ++++++++++++++++--
 2021/33xxx/CVE-2021-33652.json | 50 ++++++++++++++++--
 2021/33xxx/CVE-2021-33653.json | 50 ++++++++++++++++--
 2021/33xxx/CVE-2021-33654.json | 50 ++++++++++++++++--
 2022/2xxx/CVE-2022-2088.json | 92 +++++++++++++++++++++++++++++++---
 2022/2xxx/CVE-2022-2106.json | 92 +++++++++++++++++++++++++++++++---
 2022/2xxx/CVE-2022-2140.json | 92 +++++++++++++++++++++++++++++++---
 2022/2xxx/CVE-2022-2223.json | 18 +++++++
 2022/2xxx/CVE-2022-2224.json | 18 +++++++
 16 files changed, 698 insertions(+), 101 deletions(-)
 create mode 100644 2017/20xxx/CVE-2017-20121.json
 create mode 100644 2022/2xxx/CVE-2022-2223.json
 create mode 100644 2022/2xxx/CVE-2022-2224.json
diff --git a/2013/2xxx/CVE-2013-2180.json b/2013/2xxx/CVE-2013-2180.json
index da1de5654e8..90349fc3655 100644
--- a/2013/2xxx/CVE-2013-2180.json
+++ b/2013/2xxx/CVE-2013-2180.json
@@ -4,63 +4,14 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2013-2180",
- "ASSIGNER": "secalert@redhat.com",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "n/a",
- "product": {
- "product_data": [
- {
- "product_name": "Wordpress UK Cookie Plugin",
- "version": {
- "version_data": [
- {
- "version_value": "Wordpress UK Cookie Plugin 1.1"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-352"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "MISC",
- "name": "https://seclists.org/oss-sec/2013/q2/559",
- "url": "https://seclists.org/oss-sec/2013/q2/559"
- },
- {
- "refsource": "MISC",
- "name": "https://github.com/wpscanteam/wpscan/issues/184",
- "url": "https://github.com/wpscanteam/wpscan/issues/184"
- }
- ]
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "WordPress Plugin UK Cookie is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin UK Cookie version 1.1 is vulnerable; other versions may also be affected."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2013/2xxx/CVE-2013-2216.json b/2013/2xxx/CVE-2013-2216.json
index 51da00a6672..c3d1c387453 100644
--- a/2013/2xxx/CVE-2013-2216.json
+++ b/2013/2xxx/CVE-2013-2216.json
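Review bot: The new REJECT text in the CVE-2013-2180.json hunk carries no `ConsultIDs:` field, so a consumer that tracked the UK Cookie plugin CSRF under this ID cannot tell whether the issue moved to another identifier or was dropped altogether. The CVE-2013-2216.json hunk in this same commit uses the fuller form (`ConsultIDs: none. Reason: ... Notes: none.`); if no replacement ID exists, the description here would be clearer in that shape, e.g. `** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: ...`. The hunk also switches `ASSIGNER` from `secalert@redhat.com` to `cve@mitre.org`, which is worth confirming as intended rather than a side effect of the template.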
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2013-2216",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-2216",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2017/20xxx/CVE-2017-20121.json b/2017/20xxx/CVE-2017-20121.json
new file mode 100644
index 00000000000..318aba7d81f
--- /dev/null
+++ b/2017/20xxx/CVE-2017-20121.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-20121",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2021/33xxx/CVE-2021-33647.json b/2021/33xxx/CVE-2021-33647.json
index 644556e5cfc..8ab25ef62bc 100644
--- a/2021/33xxx/CVE-2021-33647.json
+++ b/2021/33xxx/CVE-2021-33647.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33647",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 0.7.0-beta, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-008_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33648.json b/2021/33xxx/CVE-2021-33648.json
index eaf8d6e260e..4028c674457 100644
--- a/2021/33xxx/CVE-2021-33648.json
+++ b/2021/33xxx/CVE-2021-33648.json
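Review bot: `"vendor_name": "n/a"` in the CVE-2021-33647.json hunk leaves the vendor empty even though `product_name` is `openEuler:mindspore`, so tooling that matches on vendor/product pairs will not tie this record to the affected package; a populated vendor with the bare product name would match more reliably. The description also never names the product or the fixed version, and it says only that the code will "access data outside of bounds", which by itself does not support `CWE-787 Out-of-bounds Write` over an out-of-bounds read; that label is worth checking against the referenced mssa-2021-008 advisory. The `n/a` vendor and the product-less description repeat in the CVE-2021-33648 through CVE-2021-33654 hunks.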
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33648",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 1.1.0, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-007_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33649.json b/2021/33xxx/CVE-2021-33649.json
index d11f0612e17..003e6e98cba 100644
--- a/2021/33xxx/CVE-2021-33649.json
+++ b/2021/33xxx/CVE-2021-33649.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33649",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 0.7.0-beta, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-006_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33650.json b/2021/33xxx/CVE-2021-33650.json
index f145cfa2c95..2c385208c2d 100644
--- a/2021/33xxx/CVE-2021-33650.json
+++ b/2021/33xxx/CVE-2021-33650.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33650",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 1.2.0, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125 Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33651.json b/2021/33xxx/CVE-2021-33651.json
index d8e90d81539..6713966275a 100644
--- a/2021/33xxx/CVE-2021-33651.json
+++ b/2021/33xxx/CVE-2021-33651.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33651",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 1.1.0, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369 Division by Zero Exception"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33652.json b/2021/33xxx/CVE-2021-33652.json
index d3008d1afe1..8c504f654ac 100644
--- a/2021/33xxx/CVE-2021-33652.json
+++ b/2021/33xxx/CVE-2021-33652.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33652",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 0.7.0-beta, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369 Division by Zero Exception"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-003_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33653.json b/2021/33xxx/CVE-2021-33653.json
index a40cf851c83..fce829d419e 100644
--- a/2021/33xxx/CVE-2021-33653.json
+++ b/2021/33xxx/CVE-2021-33653.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33653",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 0.7.0-beta, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369 Division by Zero Exception"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
 }
 ]
 }
diff --git a/2021/33xxx/CVE-2021-33654.json b/2021/33xxx/CVE-2021-33654.json
index b3015b63828..f51fb4d370c 100644
--- a/2021/33xxx/CVE-2021-33654.json
+++ b/2021/33xxx/CVE-2021-33654.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-33654",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "securities@openeuler.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "openEuler:mindspore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": ">= 0.7.0-beta, < 1.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-369 Division by Zero Exception"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md",
+ "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
 }
 ]
 }
diff --git a/2022/2xxx/CVE-2022-2088.json b/2022/2xxx/CVE-2022-2088.json
index 40234684451..008b8515d91 100644
--- a/2022/2xxx/CVE-2022-2088.json
+++ b/2022/2xxx/CVE-2022-2088.json
@@ -1,18 +1,98 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
 "ID": "CVE-2022-2088",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Elcomplus SmartICS Access Control"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SmartICS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "v2.3.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Elcomplus"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284: Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Elcomplus has released Version 2.4 to address these vulnerabilities and recommends users update to the newest version. Users can obtain the new version on request on the official SmartICS website https://smartics.io/"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/2xxx/CVE-2022-2106.json b/2022/2xxx/CVE-2022-2106.json
index 284eef49d45..972a96874e1 100644
--- a/2022/2xxx/CVE-2022-2106.json
+++ b/2022/2xxx/CVE-2022-2106.json
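Review bot: `"version_affected": "="` with `"version_value": "v2.3.4.0"` in the CVE-2022-2088.json hunk marks exactly one build as affected, while the `solution` text says the fix arrived in Version 2.4. If builds before 2.3.4.0 are also affected (this record does not say), exact-match consumers will miss them; a range such as `"version_affected": "<"` with `"version_value": "2.4"` would express that, subject to what ICSA-22-174-05 actually states. The same single-version entry appears in the CVE-2022-2106.json and CVE-2022-2140.json hunks. Separately, the `problemtype` strings are formatted inconsistently across these three records (`CWE-284: Improper Access Control` versus `CWE-23 Relative Path Traversal`), which complicates parsing the CWE ID out of the text.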
@@ -1,18 +1,98 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
 "ID": "CVE-2022-2106",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Elcomplus SmartICS Path Traversal"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SmartICS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "v2.3.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Elcomplus"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.8,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-23 Relative Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Elcomplus has released Version 2.4 to address these vulnerabilities and recommends users update to the newest version. Users can obtain the new version on request on the official SmartICS website https://smartics.io/"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/2xxx/CVE-2022-2140.json b/2022/2xxx/CVE-2022-2140.json
index 6e5868941de..6b10fae2045 100644
--- a/2022/2xxx/CVE-2022-2140.json
+++ b/2022/2xxx/CVE-2022-2140.json
@@ -1,18 +1,98 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
 "ID": "CVE-2022-2140",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Elcomplus SmartICS Cross-site Scripting"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SmartICS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "v2.3.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Elcomplus"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Michael Heinzl reported these vulnerabilities to CISA."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Cross-site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05",
+ "refsource": "CONFIRM",
+ "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-05"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Elcomplus has released Version 2.4 to address these vulnerabilities and recommends users update to the newest version. Users can obtain the new version on request on the official SmartICS website https://smartics.io/"
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2022/2xxx/CVE-2022-2223.json b/2022/2xxx/CVE-2022-2223.json
new file mode 100644
index 00000000000..fd278019750
--- /dev/null
+++ b/2022/2xxx/CVE-2022-2223.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-2223",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
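Review bot: The CVSS vector in the CVE-2022-2140.json hunk, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` (base score 8.8), does not look like a cross-site scripting score. The record's `TITLE` and `CWE-79` both say XSS, which normally depends on a victim loading the injected content (`UI:R`) and has its impact in the victim's browser rather than the vulnerable component (`S:C`). Either the vector or the classification appears to be off, and the description's "inject arbitrary code into specific parameters" is too vague to tell which. This should be reconciled with ICSA-22-174-05 before consumers prioritise on the 8.8 score.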
diff --git a/2022/2xxx/CVE-2022-2224.json b/2022/2xxx/CVE-2022-2224.json
new file mode 100644
index 00000000000..64d3f4ead04
--- /dev/null
+++ b/2022/2xxx/CVE-2022-2224.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2022-2224",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file