"-Synchronized-Data."

CVE Team 2023-06-13 09:00:43 +00:00
parent a0d99769dd
commit ff0a184a3d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
48 changed files with 5436 additions and 1110 deletions


@ -1,53 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-01-24T00:00:00",
"ID": "CVE-2018-4834",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E",
"version": {
"version_data": [
{
"version_value": "Desigo Automation Controllers Compact PXC12/22/36-E.D : All versions < V6.00.204"
},
{
"version_value": "Desigo Automation Controllers Modular PXC00/50/100/200-E.D : All versions < V6.00.204"
},
{
"version_value": "Desigo Automation Controllers PXC00/64/128-U with Web module : All versions < V6.00.204"
},
{
"version_value": "Desigo Automation Controllers for Integration PXC001-E.D : All versions < V6.00.204"
},
{
"version_value": "Desigo Operator Unit PXM20-E : All versions < V6.00.204"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo Automation Controllers Products and Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication."
"value": "A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo 
PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication."
}
]
},
@ -57,28 +21,526 @@
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Desigo PXC00-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC00-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC00-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC00-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC00/64/128-U V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111 only with web module"
}
]
}
},
{
"product_name": "Desigo PXC00/64/128-U V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171 only with web module"
}
]
}
},
{
"product_name": "Desigo PXC00/64/128-U V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69 only with web module"
}
]
}
},
{
"product_name": "Desigo PXC00/64/128-U V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204 only with web module"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
},
{
"product_name": "Desigo PXM20-E V4.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V4.10.111"
}
]
}
},
{
"product_name": "Desigo PXM20-E V5.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.0.171"
}
]
}
},
{
"product_name": "Desigo PXM20-E V5.10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.10.69"
}
]
}
},
{
"product_name": "Desigo PXM20-E V6.00",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V6.0.204"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02"
},
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf"
}
]
},
"impact": {
"cvss": [
{
"name": "102850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102850"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf"
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
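Review bot: Every new `version_data` entry in this record pairs `"version_affected": "="` with a free-text range such as `"All versions < V4.10.111"`, so a consumer that matches on the operator is handed an exact-version string that no installed firmware version will ever equal. Where the schema allows it, the bound is better expressed structurally, e.g. `"version_affected": "<"` with `"version_value": "V4.10.111"`, leaving the "only with web module" qualifier to the description. The same pattern appears in the CVE-2022-31465, CVE-2022-39136 and CVE-2022-40226 records on this page. Until it is corrected, tooling that ingests these records should parse the `version_value` text rather than compare it as a version.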


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-31465",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-31465",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,11 +36,45 @@
"product": {
"product_data": [
{
"product_name": "Xpedition Designer",
"product_name": "Xpedition Designer VX.2.10",
"version": {
"version_data": [
{
"version_value": "All versions < VX.2.11"
"version_affected": "=",
"version_value": "All versions < VX.2.10 Update 13"
}
]
}
},
{
"product_name": "Xpedition Designer VX.2.11",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < VX.2.11 Update 11"
}
]
}
},
{
"product_name": "Xpedition Designer VX.2.12",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < VX.2.12 Update 5"
}
]
}
},
{
"product_name": "Xpedition Designer VX.2.13",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < VX.2.13 Update 1"
}
]
}
@ -30,33 +85,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}


@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiConverter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.1"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.3"
}
]
}
},
{
"product_name": "FortiClientWindows",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.6"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-229",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-229"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiClientWindows version 7.0.7 or above\r\nPlease upgrade to FortiClientWindows version 6.4.9 or above\nPlease upgrade to FortiConverter version 7.0.1 or above\r\nPlease upgrade to FortiConverter version 6.2.2 or above\n\u00a0"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X"
}
]
}
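Review bot: The `"baseScore": 6.8` / `"baseSeverity": "MEDIUM"` pair in the `impact.cvss` entry does not match the base metrics in the vector string; by my calculation `AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H` gives a CVSS 3.1 base score of 7.0 (HIGH), and 6.8 is what results once the temporal `E:F` metric is applied. The field appears to carry the temporal score, which under-rates the issue for anyone who triages on `baseScore` alone; the CVE-2022-39946 record on this page shows the same pattern (7.2 recorded, 7.6 from the base metrics). Separately, the `problemtype` text `"Improper access control"` is paired with `"cweId": "CWE-276"`, while the description names an incorrect default permission; the text should match the CWE the id points to.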


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-39136",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-39136",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,17 +40,19 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_value": "All versions < V13.3.0.7"
"version_affected": "=",
"version_value": "All versions < V13.2.0.12"
}
]
}
@ -39,6 +62,11 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.7"
},
{
"version_affected": "=",
"version_value": "All versions >= V13.3.0.7 < V13.3.0.8"
}
]
@ -49,6 +77,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.3"
}
]
@ -59,6 +88,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
@ -70,33 +100,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}
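Review bot: The description still reads "vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files", which drops the word "overflow" that the `problemtype` entry (`CWE-122: Heap-based Buffer Overflow`) supplies; the sentence was carried over unchanged when the V13.2 product was added. The two Teamcenter Visualization V13.3 entries, `"All versions < V13.3.0.7"` and `"All versions >= V13.3.0.7 < V13.3.0.8"`, are adjacent ranges that together just mean everything below V13.3.0.8. A single entry would be easier for consumers to match, unless the split is meant to track two separate fixes, which the record does not say.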


@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker\u00a0authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiNAC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "9.4.0",
"version_value": "9.4.1"
},
{
"version_affected": "<=",
"version_name": "9.2.0",
"version_value": "9.2.6"
},
{
"version_affected": "<=",
"version_name": "9.1.0",
"version_value": "9.1.10"
},
{
"version_affected": "<=",
"version_name": "8.8.0",
"version_value": "8.8.11"
},
{
"version_affected": "<=",
"version_name": "8.7.0",
"version_value": "8.7.6"
},
{
"version_affected": "<=",
"version_name": "8.6.0",
"version_value": "8.6.5"
},
{
"version_affected": "<=",
"version_name": "8.5.0",
"version_value": "8.5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-332",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-332"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.0 or above\r\nPlease upgrade to FortiNAC version 9.4.3 or above\r\nPlease upgrade to FortiNAC version 9.2.8 or above\n\u00a0"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:X/RC:C"
}
]
}
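Review bot: The structured ranges for FortiNAC stop one release short of what the description states: the text says "version 9.4.2 and below, version 9.2.7 and below" and the `solution` points to 9.4.3 and 9.2.8, but `version_data` ends at `"version_value": "9.4.1"` and `"version_value": "9.2.6"`. Scanners that rely on the structured data would therefore report 9.4.2 and 9.2.7 as unaffected. If the description is the authoritative side, the upper bounds should be `"version_value": "9.4.2"` and `"version_value": "9.2.7"`; this needs confirming against the referenced FG-IR-22-332 advisory. The description also says "all versions" for 9.1 through 8.5 while the ranges name fixed upper bounds (9.1.10, 8.8.11, …), which will go stale if later releases in those branches exist.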


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-40226",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-40226",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,176 +40,75 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
@ -199,176 +119,75 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
@ -380,33 +199,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}
}


@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-41327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.8"
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-380",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-380"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.9 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C"
}
]
}
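Review bot: The affected ranges in `version_data` disagree with the new description text: the description gives FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.8, while the entries end at `"version_value": "7.2.3"` and `"version_value": "7.0.7"`. The `solution` text (upgrade to FortiOS 7.2.5, FortiProxy 7.0.8) supports 7.2.4 for FortiOS but 7.0.7 for FortiProxy, so each field looks wrong in one place and both should be reconciled against FG-IR-22-380; a matcher reading `version_data` as written would treat FortiOS 7.2.4 as unaffected. Separately, `"baseScore": 7.6` looks like the temporal score: the base metrics in the vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) score 7.8, and 7.6 is what E:F yields. The CVE-2022-42474 section shows the same pattern (6.2 recorded, where the base metrics score 6.5).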


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-41660",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41660",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,16 +40,29 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.7"
}
]
@ -39,6 +73,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.3"
}
]
@ -49,6 +84,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
@ -60,33 +96,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}
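Review bot: Every added `"version_affected": "="` sits next to a free-text range such as `"version_value": "All versions < V14.1.0.4"`, so the operator says exact match while the value describes an upper bound. A consumer that evaluates the two fields mechanically will match no installed version; the range would be machine-readable as `"version_affected": "<"` with `"version_value": "V14.1.0.4"`. The same pairing appears in the sections for CVE-2022-41661 through CVE-2022-41665. Until the records are corrected, tooling that ingests these files should parse the bound out of the text rather than trust the operator field.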


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-41661",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41661",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,16 +40,29 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.7"
}
]
@ -39,6 +73,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.3"
}
]
@ -49,6 +84,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
@ -60,33 +96,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-41662",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41662",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,16 +40,29 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.7"
}
]
@ -39,6 +73,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.3"
}
]
@ -49,6 +84,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
@ -60,33 +96,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-41663",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41663",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,16 +40,29 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.7"
}
]
@ -39,6 +73,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.3"
}
]
@ -49,6 +84,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
@ -60,33 +96,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-41664",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41664",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,16 +40,29 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.12"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.7"
}
]
@ -39,6 +73,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.3"
}
]
@ -49,6 +84,7 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.4"
}
]
@ -60,33 +96,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
}


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-41665",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-41665",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"cweId": "CWE-141"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -19,176 +40,75 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
@ -199,176 +119,75 @@
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
@ -380,33 +199,23 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
}
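Review bot: The description and the affected list repeat `SICAM P850 (All versions < V3.10)` and `SICAM P855 (All versions < V3.10)` many times with nothing to tell the entries apart, and the rewritten `version_data` still appears to carry the same entry over and over. Whatever distinguished the variants upstream (presumably an order number or model suffix) is not in the record, so an asset inventory cannot map these rows to specific hardware. Collapsing to one entry per product, or restoring the variant identifier from SSA-572005, would make the record usable. The rendering here has lost the +/- columns, so which side each repeated row belongs to is inferred from the hunk counts (`-19,176 +40,75`).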


@ -1,17 +1,157 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42474",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-23"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSwitchManager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.1"
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.7"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.11"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
},
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.7"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.9"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.12"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-393",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-393"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.10 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiSwitchManager version 7.2.2 or above\r\nPlease upgrade to FortiSwitchManager version 7.0.2 or above\r\nPlease upgrade to FortiProxy version 7.2.2 or above\r\nPlease upgrade to FortiProxy version 7.0.8 or above\r\nPlease upgrade to FortiProxy version 2.0.12 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:P/RL:X/RC:C"
}
]
}
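Review bot: The description's lower-branch bounds are off by one against `version_data` and `solution`: it says FortiOS "before 6.4.12" and FortiSwitchManager "before 7.0.1", while the entries mark 6.4.12 and 7.0.1 as affected (`"<="`) and the fix versions are 6.4.13 and 7.0.2. `version_data` also lists FortiOS 6.2.0 to 6.2.15 and FortiProxy 1.0.0 to 2.0.11, which the description never mentions; for FortiOS 6.2 and FortiProxy 1.x the solution names no fixed version. The problemtype text `"Execute unauthorized code or commands"` does not describe the stated impact either (deleting arbitrary directories). These should be checked against FG-IR-22-393, since an operator on 6.4.12 or 7.0.1 who reads only the description would conclude the system is not affected.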


@ -1,17 +1,141 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-42478",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control",
"cweId": "CWE-307"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSIEM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.7.0"
},
{
"version_affected": "<=",
"version_name": "6.6.0",
"version_value": "6.6.3"
},
{
"version_affected": "<=",
"version_name": "6.5.0",
"version_value": "6.5.1"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.2"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.3"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.1"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.2"
},
{
"version_affected": "=",
"version_value": "5.4.0"
},
{
"version_affected": "<=",
"version_name": "5.3.0",
"version_value": "5.3.3"
},
{
"version_affected": "<=",
"version_name": "5.2.5",
"version_value": "5.2.8"
},
{
"version_affected": "<=",
"version_name": "5.2.1",
"version_value": "5.2.2"
},
{
"version_affected": "<=",
"version_name": "5.1.0",
"version_value": "5.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-258",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-258"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.1 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:U/RC:C"
}
]
}
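Review bot: The `problemtype` entry pairs the text `"Improper access control"` with `"cweId": "CWE-307"`, but CWE-307 is Improper Restriction of Excessive Authentication Attempts, which is also what the new description names. Consumers that classify records by the text rather than the id will file this brute-force weakness under access control. I would make the text match the id, `"value": "CWE-307: Improper Restriction of Excessive Authentication Attempts"`, which is the form the Siemens records in this commit use.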


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-43398",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43398",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation",
"cweId": "CWE-384"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,21 +36,12 @@
"product": {
"product_data": [
{
"product_name": "POWER METER SICAM Q100",
"product_name": "POWER METER SICAM Q200 family",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
}
]
}
},
{
"product_name": "POWER METER SICAM Q100",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
"version_affected": "=",
"version_value": "All versions < V2.70"
}
]
}
@ -40,32 +52,27 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}
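Review bot: The new `version_data` entry sets `"version_affected": "="` next to `"version_value": "All versions < V2.70"`, so the operator says exact match while the value is a free-text range. A tool that compares an installed firmware version with this entry has no version to compare against and will most likely not flag an affected device. Encoding the bound itself, `"version_affected": "<"` with `"version_value": "V2.70"`, keeps the record machine-matchable. The same pairing appears in every entry of the CVE-2022-43439, CVE-2022-43545 and CVE-2022-43546 sections.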


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-43439",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43439",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,21 +36,170 @@
"product": {
"product_data": [
{
"product_name": "POWER METER SICAM Q100",
"product_name": "POWER METER SICAM Q200 family",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
"version_affected": "=",
"version_value": "All versions < V2.70"
}
]
}
},
{
"product_name": "POWER METER SICAM Q100",
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
@ -40,32 +210,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
]
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}
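Review bot: `SICAM P850` and `SICAM P855` each carry 18 byte-identical `version_data` entries, and the description repeats the matching "(All versions < V3.10)" phrase for each of them before it reaches the sentence about the Language parameter. Presumably these were distinct device variants whose distinguishing identifiers were lost when the record was generated. As written, the duplicates add no information and push the actual weakness text to the end of a very long sentence. Either collapse each product to a single entry or restore the variant identifier in `product_name`. The CVE-2022-43545 and CVE-2022-43546 sections have the same duplication.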


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-43545",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43545",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,21 +36,170 @@
"product": {
"product_data": [
{
"product_name": "POWER METER SICAM Q100",
"product_name": "POWER METER SICAM Q200 family",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
"version_affected": "=",
"version_value": "All versions < V2.70"
}
]
}
},
{
"product_name": "POWER METER SICAM Q100",
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
@ -40,32 +210,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
]
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,12 +1,33 @@
{
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-43546",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2022-43546",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
@ -15,21 +36,170 @@
"product": {
"product_data": [
{
"product_name": "POWER METER SICAM Q100",
"product_name": "POWER METER SICAM Q200 family",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
"version_affected": "=",
"version_value": "All versions < V2.70"
}
]
}
},
{
"product_name": "POWER METER SICAM Q100",
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions < V2.50"
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
},
{
"version_affected": "=",
"version_value": "All versions < V3.10"
}
]
}
@ -40,32 +210,32 @@
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
]
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-570294.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43949",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-327"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSIEM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.7.0",
"version_value": "6.7.1"
},
{
"version_affected": "<=",
"version_name": "6.6.0",
"version_value": "6.6.3"
},
{
"version_affected": "<=",
"version_name": "6.5.0",
"version_value": "6.5.1"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.2"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.3"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.1"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.2"
},
{
"version_affected": "=",
"version_value": "5.4.0"
},
{
"version_affected": "<=",
"version_name": "5.3.0",
"version_value": "5.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-259",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-259"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.2 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C"
}
]
}
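Review bot: The fixed version cannot be read off this record, because three fields disagree. The description says FortiSIEM "before 6.7.1", the `version_data` entry `"version_name": "6.7.0"` / `"version_value": "6.7.1"` with `<=` marks 6.7.1 itself as affected, and `solution` asks for "6.7.2 or above". An operator running 6.7.1 cannot tell whether the outdated hashing is still present. The three fields should agree on one boundary, checked against the referenced advisory FG-IR-22-259; if 6.7.2 is the fix, the description would read `before 6.7.2`. The description's "remote unauthenticated attacker" likewise disagrees with `"attackVector": "LOCAL"`.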


@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-134"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.7"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.4"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.11"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.12"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-463",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-463"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"
}
]
}
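Review bot: `"baseScore": 6.3` appears to be the temporal score rather than the base score. The base metrics in the vector (`AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H`) compute to 6.7, and 6.3 is what results after applying `E:P`. Tools that read `baseScore` as the CVSS base score will under-rank the issue when they sort or filter by it. I would store `"baseScore": 6.7` and carry 6.3 in a separate `temporalScore` field, or drop the temporal metrics from `vectorString`. The CVE-2022-43949 (5.9 against a base of 6.2) and CVE-2023-22633 (7.2 against 7.5) sections show the same pattern.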


@ -1,17 +1,112 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service",
"cweId": "CWE-264"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiNAC",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "9.4.0",
"version_value": "9.4.1"
},
{
"version_affected": "<=",
"version_name": "9.2.0",
"version_value": "9.2.6"
},
{
"version_affected": "<=",
"version_name": "9.1.0",
"version_value": "9.1.8"
},
{
"version_affected": "<=",
"version_name": "8.8.0",
"version_value": "8.8.11"
},
{
"version_affected": "<=",
"version_name": "8.7.0",
"version_value": "8.7.6"
},
{
"version_affected": "=",
"version_value": "7.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-521",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-521"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC-F version 7.2.1 or above\r\nPlease upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 9.2.7 or above\r\nPlease upgrade to FortiNAC version 9.1.9 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:R"
}
]
}
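Review bot: The entry `"version_affected": "="` / `"version_value": "7.2.0"` sits under `"product_name": "FortiNAC"`, while the description and `solution` both attribute 7.2.0 to FortiNAC-F. An inventory match on product name will therefore miss FortiNAC-F 7.2.0 installations. A separate `product_data` element with `"product_name": "FortiNAC-F"` holding the 7.2.0 entry would line the structured data up with the advisory text.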


@ -1,17 +1,145 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.10"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.12"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.15"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.17"
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.2"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.8"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.12"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
},
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-494",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-494"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.4 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiProxy version 7.2.3 or above\r\nPlease upgrade to FortiProxy version 7.0.9 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"
}
]
}
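Review bot: `"baseScore": 6.3` in the `impact.cvss` entry does not match the base metrics of its own `vectorString`: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H works out to 6.7 under the CVSS v3.1 formula, and 6.3 is what is left after the temporal part E:P/RL:U/RC:C is applied. Anything that triages or sets patch deadlines on `baseScore` will rank this record lower than the base vector warrants, so I would store `"baseScore": 6.7,` and carry the adjusted value separately as `"temporalScore": 6.3,`. The same pattern appears in this commit for CVE-2023-25609 (4.2 against a 4.3 base), CVE-2023-26204 (3.6 against 3.7), CVE-2023-27997 (9.2 against 9.8) and CVE-2023-28000 (6.3 against 6.7).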


@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25609",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A server-side request forgery (SSRF) vulnerability\u00a0[CWE-918] in\u00a0FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiAnalyzer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.6"
},
{
"version_affected": "<=",
"version_name": "6.4.8",
"version_value": "6.4.11"
}
]
}
},
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.6"
},
{
"version_affected": "<=",
"version_name": "6.4.8",
"version_value": "6.4.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-493",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-493"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiAnalyzer version 7.2.2 or above Please upgrade to FortiAnalyzer version 7.0.7 or above Please upgrade to FortiAnalyzer version 6.4.12 or above Please upgrade to FortiManager version 7.2.2 or above Please upgrade to FortiManager version 7.0.7 or above Please upgrade to FortiManager version 6.4.12 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C"
}
]
}
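Review bot: The `solution` value runs its six upgrade instructions together with single spaces and a trailing space, while other Fortinet records in this commit (CVE-2023-22639, for example) separate them with `\r\n`. As written, a renderer or parser cannot tell where one fixed version ends and the next product begins. I would use the same separator here, e.g. `...FortiAnalyzer version 7.2.2 or above\r\nPlease upgrade to FortiAnalyzer version 7.0.7 or above...`, and drop the trailing space. The CVE-2023-26207 and CVE-2023-28000 records have the same run-together string.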


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25910",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.\r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-PM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC STEP 7 V5",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V5.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:T/RC:C",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
}
]
}
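Review bot: The `version_data` entries pair `"version_affected": "="` with free-text ranges such as `"version_value": "All versions < V5.7"`, so the operator says equality while the value describes a range. A consumer that compares installed versions against `version_value` cannot evaluate these entries and will most likely report no match for an affected install. For the STEP 7 entry I would put the bound in the fields themselves, `"version_affected": "<",` with `"version_value": "V5.7"`; the two "All versions" entries need whatever wildcard convention the consuming tooling accepts. The same encoding is used in the CVE-2023-27465 and CVE-2023-28829 records in this commit.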


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All Versions >= 1.16.4 < 1.17.2), Mendix SAML (Mendix 8 compatible) (All versions >= 2.2.0 < 2.2.3), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= 3.1.9 < 3.2.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= 3.1.9 < 3.2.5). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application."
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.\r\n\r\nFor compatibility reasons, fix versions still contain this issue, but only when the recommended, default configuration option `'Use Encryption'` is disabled."
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All Versions >= 1.16.4 < 1.17.2"
"version_value": "All versions >= V1.16.4 < V1.17.3"
}
]
}
@ -52,7 +52,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= 2.2.0 < 2.2.3"
"version_value": "All versions >= V2.2.0 < V2.3.0"
}
]
}
@ -63,7 +63,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= 3.1.9 < 3.2.5"
"version_value": "All versions >= V3.1.9 < V3.3.1"
}
]
}
@ -74,7 +74,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= 3.1.9 < 3.2.5"
"version_value": "All versions >= V3.1.8 < V3.3.0"
}
]
}
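Review bot: The new description says the fix versions remain affected when `'Use Encryption'` is disabled, yet the four `version_value` ranges in the later hunks end exactly at those fix versions (for example `< V1.17.3`), so version matching alone will report a patched module as unaffected whatever its configuration. The record should say where the residual exposure is tracked. The CVE-2023-29129 record in this same commit appears to cover it, and a closing sentence such as `See CVE-2023-29129 for fix versions running with 'Use Encryption' disabled.` would connect the two. The enclosing JSON objects start and end outside these hunks.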


@ -1,17 +1,127 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow\u00a0an attacker able to access user DB content to impersonate any admin user on the device GUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control",
"cweId": "CWE-256"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiSIEM",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "6.7.0",
"version_value": "6.7.5"
},
{
"version_affected": "<=",
"version_name": "6.6.0",
"version_value": "6.6.3"
},
{
"version_affected": "<=",
"version_name": "6.5.0",
"version_value": "6.5.1"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.2"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.3"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.1"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.2"
},
{
"version_affected": "=",
"version_value": "5.4.0"
},
{
"version_affected": "<=",
"version_name": "5.3.0",
"version_value": "5.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-21-141",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-21-141"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiSIEM version 7.0.0 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C"
}
]
}
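Review bot: The 5.4 entry in `version_data` is `"version_affected": "="` with `"version_value": "5.4.0"`, while the description says "5.4 all versions" and every other train is given as a `<=` range. If later 5.4 builds exist they are not matched by this record, so the entry should be a range like its neighbours, with the upper bound confirmed against FG-IR-21-141. Separately, `problemtype` labels the issue "Improper access control" while `cweId` is CWE-256, and the description describes plaintext password storage; the label should follow the CWE.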


@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26207",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.10"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-455",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-455"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiProxy version 7.2.2 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:C"
}
]
}
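Review bot: The FortiOS range disagrees between fields: the description says 7.2.0 through 7.2.4, but `version_data` gives `"version_affected": "<="` with `"version_value": "7.2.5"`. Which one is right decides whether 7.2.5 is treated as still writing passwords to the log, so it should be settled against FG-IR-22-455; if the advisory's bound is 7.2.4 the entry should read `"version_value": "7.2.4"`. The FortiProxy part of the description ("7.0.0 through 7.0.10. 7.2.0 through 7.2.1") also has a full stop where a comma was presumably meant, which makes the second range look like it belongs to no product.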


@ -1,17 +1,168 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26210",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiADCManager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.1.0"
},
{
"version_affected": "=",
"version_value": "7.0.0"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.1"
},
{
"version_affected": "=",
"version_value": "6.1.0"
},
{
"version_affected": "=",
"version_value": "6.0.0"
},
{
"version_affected": "=",
"version_value": "5.4.0"
},
{
"version_affected": "=",
"version_value": "5.3.0"
},
{
"version_affected": "<=",
"version_name": "5.2.0",
"version_value": "5.2.1"
}
]
}
},
{
"product_name": "FortiADC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "<=",
"version_name": "7.1.0",
"version_value": "7.1.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.5"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.6"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.6"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.4"
},
{
"version_affected": "<=",
"version_name": "5.4.0",
"version_value": "5.4.5"
},
{
"version_affected": "<=",
"version_name": "5.3.0",
"version_value": "5.3.7"
},
{
"version_affected": "<=",
"version_name": "5.2.0",
"version_value": "5.2.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-076",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-076"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 7.2.1 or above\r\nPlease upgrade to FortiADC version 7.1.3 or above\r\nPlease upgrade to FortiADCManager version 7.2.0 or above\r\nPlease upgrade to FortiADCManager version 7.1.1 or above\r\nPlease upgrade to FortiADCManager version 7.0.1 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:C"
}
]
}
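Review bot: FortiADC 7.1.2 falls between the fields of this record: `version_data` ends the 7.1 train at `"version_value": "7.1.1"` and the description says "before 7.1.2", but the `solution` asks for 7.1.3 or above. A reader cannot tell whether 7.1.2 is fixed or still affected by the command injection. Either the range should end at `"version_value": "7.1.2"` or the solution should name 7.1.2, whichever FG-IR-23-076 states. The FortiADCManager wording "7.1.0 and before 7.0.0" has a similar gap, since `version_data` lists 7.0.0 itself as affected.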


@ -1,17 +1,198 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27465",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213: Exposure of Sensitive Information Due to Incompatible Policies",
"cweId": "CWE-213"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMOTION C240",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION C240 PN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D410-2 DP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D410-2 DP/PN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D425-2 DP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D425-2 DP/PN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D435-2 DP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D435-2 DP/PN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D445-2 DP/PN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4"
},
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION D455-2 DP/PN",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4 < V5.5 SP1"
}
]
}
},
{
"product_name": "SIMOTION P320-4 E",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4"
}
]
}
},
{
"product_name": "SIMOTION P320-4 S",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V5.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
}
]
}
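Review bot: The SIMOTION D445-2 DP/PN product carries two overlapping entries, `"version_value": "All versions >= V5.4"` and `"version_value": "All versions >= V5.4 < V5.5 SP1"`, and the description repeats the product with both ranges. The first says V5.5 SP1 and later are affected and the second implies they are fixed, so an operator cannot tell from this record whether updating that model closes the exposure. Presumably two hardware variants were collapsed under one `product_name`; the entry should keep whatever identifier distinguishes them in SSA-482956, or be reduced to the single range that applies.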


@ -1,17 +1,198 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiOS-6K7K",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.0.10"
},
{
"version_affected": "=",
"version_value": "7.0.5"
},
{
"version_affected": "=",
"version_value": "6.4.12"
},
{
"version_affected": "=",
"version_value": "6.4.10"
},
{
"version_affected": "=",
"version_value": "6.4.8"
},
{
"version_affected": "=",
"version_value": "6.4.6"
},
{
"version_affected": "=",
"version_value": "6.4.2"
},
{
"version_affected": "<=",
"version_name": "6.2.9",
"version_value": "6.2.13"
},
{
"version_affected": "<=",
"version_name": "6.2.6",
"version_value": "6.2.7"
},
{
"version_affected": "=",
"version_value": "6.2.4"
},
{
"version_affected": "<=",
"version_name": "6.0.12",
"version_value": "6.0.16"
},
{
"version_affected": "=",
"version_value": "6.0.10"
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.9"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.12"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.4"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.11"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.12"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.13"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-097",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-097"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS-6K7K version 7.0.12 or above\r\nPlease upgrade to FortiOS-6K7K version 6.4.13 or above\r\nPlease upgrade to FortiOS-6K7K version 6.2.15 or above\r\nPlease upgrade to FortiOS-6K7K version 6.0.17 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above\r\nPlease upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.12 or above\r\nPlease upgrade to FortiOS version 6.4.13 or above\r\nPlease upgrade to FortiOS version 6.2.14 or above\r\nPlease upgrade to FortiOS version 6.0.17 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R"
}
]
}
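Review bot: The description omits the FortiOS 6.2 train, going straight from "version 6.4.12 and below" to "version 6.0.16 and below", while `version_data` lists 6.2.0 through 6.2.13 as affected and the `solution` names 6.2.14. Someone triaging this remote code execution issue from the description alone would conclude that 6.2 is unaffected. I would add `version 6.2.13 and below,` between the 6.4 and 6.0 clauses. The FortiOS-6K7K entries also stop at 6.2.13 while the solution asks for 6.2.15, which leaves 6.2.14 undefined for that product.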


@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28000",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiADC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.1.0"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.3"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.4"
},
{
"version_affected": "<=",
"version_name": "6.1.0",
"version_value": "6.1.6"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-107",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-107"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiADC version 7.1.1 or above Please upgrade to FortiADC version 7.0.4 or above Please upgrade to FortiADC version 6.2.5 or above "
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:R"
}
]
}


@ -1,17 +1,139 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28829",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These\r\nservices were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-477: Use of Obsolete Function",
"cweId": "CWE-477"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V8.0"
}
]
}
},
{
"product_name": "SINAUT Software ST7sc",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 3.9,
"baseSeverity": "LOW"
}
]
}


@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29129",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.\r\n\r\nThis CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"cweId": "CWE-303"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Mendix SAML (Mendix 7 compatible)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V1.17.3 < V1.18.0"
},
{
"version_affected": "=",
"version_value": "All versions >= V1.16.4 < V1.17.3"
}
]
}
},
{
"product_name": "Mendix SAML (Mendix 8 compatible)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V2.3.0 < V2.4.0"
},
{
"version_affected": "=",
"version_value": "All versions >= V2.2.0 < V2.3.0"
}
]
}
},
{
"product_name": "Mendix SAML (Mendix 9 compatible, New Track)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V3.3.1 < V3.6.1"
},
{
"version_affected": "=",
"version_value": "All versions >= V3.1.9 < V3.3.1"
}
]
}
},
{
"product_name": "Mendix SAML (Mendix 9 compatible, Upgrade Track)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions >= V3.3.0 < V3.6.0"
},
{
"version_affected": "=",
"version_value": "All versions >= V3.1.8 < V3.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
]
}
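Review bot: The `version_data` entries encode a range as free text under an equality operator, e.g. `"version_affected": "="` with `"version_value": "All versions >= V1.17.3 < V1.18.0"`, so a consumer that compares versions structurally will not match any installed release. The same pattern appears in the Siemens sections for CVE-2023-30757, CVE-2023-30897, CVE-2023-30901, CVE-2023-31238, CVE-2023-33121 through CVE-2023-33124 and CVE-2023-33919. The Fortinet records in this commit show a bounded form (`"version_affected": "<="` with `version_name` as the lower bound and `version_value` as the upper). Until the Siemens data is expressed in a comparable way, matching tools need to parse the string or fall back to the vendor advisory listed in `references`.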


@ -1,17 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote\u00a0FortiGuard's map server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.9"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.12"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.2.0"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.10"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.13"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.15"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-468",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-468"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiOS version 7.2.1 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:R"
}
]
}
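Review bot: `"baseScore": 4.4` does not match the base metrics in `vectorString`: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N works out to 4.8 by my calculation, and 4.4 is what results after applying the temporal metrics E:P/RL:X/RC:R. The field should read `"baseScore": 4.8`, or the temporal value should be carried separately; the CVE-2023-29178 section has the same issue (4.1 recorded, 4.3 from its base metrics). Separately, `affects` lists FortiOS 6.0.0 to 6.0.17, which the description does not mention, and omits the FortiProxy 1.2 branch that the description names, so asset matching should be checked against the advisory FG-IR-22-468.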


@ -1,17 +1,140 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service",
"cweId": "CWE-824"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.9"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.12"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.4"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.11"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.13"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.15"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.17"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-095",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-23-095"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.12 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C"
}
]
}
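Review bot: The description's upper bounds are exclusive ("before 7.0.9", "before 7.0.11") while `affects` and `solution` treat those releases as affected: `"version_affected": "<="` with `"version_value": "7.0.9"` for FortiProxy and `"7.0.11"` for FortiOS, with fixes named as 7.0.10 and 7.0.12. A reader who stops at FortiProxy 7.0.9 or FortiOS 7.0.11 on the strength of the description would, per the structured data, still be running an affected release. Assuming the structured data is the correct side, the description should say "7.0.0 through 7.0.9" and "7.0.0 through 7.0.11" so the record agrees with itself.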


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30757",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure",
"cweId": "CWE-693"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V14",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V15",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V17",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
},
{
"product_name": "Totally Integrated Automation Portal (TIA Portal) V18",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30897",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.\r\n\r\nThis could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V7.5.2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-30901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "POWER METER SICAM Q200 family",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.70"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"cweId": "CWE-732"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "POWER METER SICAM Q200 family",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V2.70"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
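Review bot: `"cweId": "CWE-732"` (Incorrect Permission Assignment for Critical Resource) does not describe the flaw in the description, which is session cookies issued without protection flags. CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag) or CWE-614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute) would be closer, depending on which flags are missing; the record does not say. As written, anyone filtering by CWE to find session-handling weaknesses will miss this entry.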


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.13"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.10"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.6"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.8"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"baseScore": 3.3,
"baseSeverity": "LOW"
}
]
}


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.13"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.10"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.6"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.8"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"baseScore": 3.3,
"baseSeverity": "LOW"
}
]
}


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33123",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.13"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.10"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.6"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.8"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}
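Review bot: The `problemtype` of CWE-125 (Out-of-bounds Read) sits oddly with the stated impact of code execution and the C:H/I:H/A:H vector; the neighbouring CVE-2023-33122 section uses the same CWE with C:L only. The record gives no detail on how the read leads to execution, so either the CWE is too narrow or the impact depends on a further condition that is not described. Triage that ranks by CWE class would under-weight this entry; it is safer to rank it by the CVSS vector and the advisory ssa-538795.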


@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "JT2Go",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.2.0.13"
}
]
}
},
{
"product_name": "Teamcenter Visualization V13.3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V13.3.0.10"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.0.0.6"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.1",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.1.0.8"
}
]
}
},
{
"product_name": "Teamcenter Visualization V14.2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < V14.2.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,192 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@fortinet.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service",
"cweId": "CWE-835"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Fortinet",
"product": {
"product_data": [
{
"product_name": "FortiWeb",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.1"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.6"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.3"
},
{
"version_affected": "<=",
"version_name": "6.3.0",
"version_value": "6.3.23"
}
]
}
},
{
"product_name": "FortiOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.4"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.10"
},
{
"version_affected": "<=",
"version_name": "6.4.0",
"version_value": "6.4.13"
},
{
"version_affected": "<=",
"version_name": "6.2.0",
"version_value": "6.2.15"
},
{
"version_affected": "<=",
"version_name": "6.0.0",
"version_value": "6.0.17"
},
{
"version_affected": "<=",
"version_name": "5.6.0",
"version_value": "5.6.14"
},
{
"version_affected": "<=",
"version_name": "5.4.0",
"version_value": "5.4.13"
},
{
"version_affected": "<=",
"version_name": "5.2.0",
"version_value": "5.2.15"
},
{
"version_affected": "<=",
"version_name": "5.0.0",
"version_value": "5.0.14"
}
]
}
},
{
"product_name": "FortiProxy",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.2.0",
"version_value": "7.2.3"
},
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "7.0.9"
},
{
"version_affected": "<=",
"version_name": "2.0.0",
"version_value": "2.0.12"
},
{
"version_affected": "<=",
"version_name": "1.2.0",
"version_value": "1.2.13"
},
{
"version_affected": "<=",
"version_name": "1.1.0",
"version_value": "1.1.6"
},
{
"version_affected": "<=",
"version_name": "1.0.0",
"version_value": "1.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-375",
"refsource": "MISC",
"name": "https://fortiguard.com/psirt/FG-IR-22-375"
}
]
},
"solution": [
{
"lang": "en",
"value": "Please upgrade to FortiPAM version 1.0.0 or above\r\nPlease upgrade to FortiWeb version 7.2.2 or above\r\nPlease upgrade to FortiWeb version 7.0.7 or above\r\nPlease upgrade to FortiOS version 7.4.0 or above\r\nPlease upgrade to FortiOS version 7.2.5 or above\r\nPlease upgrade to FortiOS version 7.0.11 or above\r\nPlease upgrade to FortiProxy version 7.2.4 or above\r\nPlease upgrade to FortiProxy version 7.0.10 or above"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:H/RL:U/RC:C"
}
]
}
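Review bot: `solution` opens with "Please upgrade to FortiPAM version 1.0.0 or above", but FortiPAM appears neither in the description nor in `affects`, so the record does not say which FortiPAM releases, if any, are vulnerable. `affects` also lists FortiOS branches 5.0 through 5.6 that the description does not mention, and the vector's PR:H (high privileges required) is not reflected in the description's plain "allows attacker". Consumers should confirm scope against FG-IR-22-375 before relying on either side of the record.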


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33919",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "CP-8031 MASTER MODULE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < CPCI85 V05"
}
]
}
},
{
"product_name": "CP-8050 MASTER MODULE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < CPCI85 V05"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 7.2,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "CP-8031 MASTER MODULE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < CPCI85 V05"
}
]
}
},
{
"product_name": "CP-8050 MASTER MODULE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < CPCI85 V05"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749: Exposed Dangerous Method or Function",
"cweId": "CWE-749"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Siemens",
"product": {
"product_data": [
{
"product_name": "CP-8031 MASTER MODULE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < CPCI85 V05"
}
]
}
},
{
"product_name": "CP-8050 MASTER MODULE",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions < CPCI85 V05"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"refsource": "MISC",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
]
}