diff --git a/2018/10xxx/CVE-2018-10603.json b/2018/10xxx/CVE-2018-10603.json index 750151d243a..c19a26849de 100644 --- a/2018/10xxx/CVE-2018-10603.json +++ b/2018/10xxx/CVE-2018-10603.json @@ -1,8 +1,42 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", + "DATE_PUBLIC" : "2018-05-22T00:00:00", "ID" : "CVE-2018-10603", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "TELEM GW6", + "version" : { + "version_data" : [ + { + "version_value" : "2018.04.18-linux_4-01-601cb47 and prior" + } + ] + } + }, + { + "product_name" : "TELEM GWM", + "version" : { + "version_data" : [ + { + "version_value" : "2018.04.18-linux_4-01-601cb47 and prior" + } + ] + } + } + ] + }, + "vendor_name" : "Martem" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +45,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Martem TELEM-GW6/GWM 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01" } ] } diff --git a/2018/10xxx/CVE-2018-10607.json b/2018/10xxx/CVE-2018-10607.json index 9ae20e62da3..6b6e10e2942 100644 --- a/2018/10xxx/CVE-2018-10607.json +++ b/2018/10xxx/CVE-2018-10607.json @@ -1,8 +1,42 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", + "DATE_PUBLIC" : "2018-05-22T00:00:00", "ID" : "CVE-2018-10607", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "TELEM GW6", + "version" : { + "version_data" : [ + { + "version_value" : "2018.04.18-linux_4-01-601cb47 and prior" + } + ] + } + }, + { + "product_name" : "TELEM GWM", + "version" : { + "version_data" : [ + { + "version_value" : "2018.04.18-linux_4-01-601cb47 and prior" + } + ] + } + } + ] + }, + "vendor_name" : "Martem" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +45,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Martem TELEM-GW6/GWM 2018.04.18-linux_4-01-601cb47 and prior allows the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01" + }, + { + "url" : "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf" } ] } diff --git a/2018/10xxx/CVE-2018-10609.json b/2018/10xxx/CVE-2018-10609.json index 37e45228bdd..c8eb904d433 100644 --- a/2018/10xxx/CVE-2018-10609.json +++ b/2018/10xxx/CVE-2018-10609.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", + "DATE_PUBLIC" : "2018-05-22T00:00:00", "ID" : "CVE-2018-10609", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "TELEM-GW6/GWM", + "version" : { + "version_data" : [ + { + "version_value" : "2018.04.18-linux_4-01-601cb47 and prior" + } + ] + } + } + ] + }, + "vendor_name" : "Martem" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Martem TELEM-GW6/GWM 2018.04.18-linux_4-01-601cb47 and prior allows improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01" + }, + { + "url" : "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf" } ] }