admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-08T10:00:48.536267+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-08 10:03:48 +00:00
parent f3f06931a2
commit 1fbdbffd9d
56 changed files with 3633 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
CVE-2021/CVE-2021-313xx/CVE-2021-31344.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31344",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.087",
"lastModified": "2022-05-20T13:15:12.027",
"lastModified": "2024-10-08T09:15:03.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)"
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
@ -36,6 +80,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
@ -278,6 +342,26 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

40
CVE-2021/CVE-2021-313xx/CVE-2021-31345.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31345",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.143",
"lastModified": "2022-05-20T13:15:12.130",
"lastModified": "2024-10-08T09:15:04.067",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)"
},
{
"lang": "es",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -299,6 +319,22 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

44
CVE-2021/CVE-2021-313xx/CVE-2021-31346.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31346",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.200",
"lastModified": "2022-05-20T13:15:12.237",
"lastModified": "2024-10-08T09:15:04.353",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
},
{
"lang": "es",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
],
"cvssMetricV2": [
@ -278,6 +298,26 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

36
CVE-2021/CVE-2021-318xx/CVE-2021-31881.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31881",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.257",
"lastModified": "2022-05-20T13:15:12.327",
"lastModified": "2024-10-08T09:15:04.740",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)"
},
{
"lang": "es",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
],
"cvssMetricV2": [
@ -282,6 +302,18 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

36
CVE-2021/CVE-2021-318xx/CVE-2021-31882.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31882",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.317",
"lastModified": "2022-05-20T13:15:12.420",
"lastModified": "2024-10-08T09:15:05.170",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)"
},
{
"lang": "es",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -272,6 +292,18 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

36
CVE-2021/CVE-2021-318xx/CVE-2021-31883.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31883",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.383",
"lastModified": "2022-05-20T13:15:12.510",
"lastModified": "2024-10-08T09:15:05.633",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)"
},
{
"lang": "es",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
],
"cvssMetricV2": [
@ -299,6 +319,18 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

44
CVE-2021/CVE-2021-318xx/CVE-2021-31889.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31889",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.693",
"lastModified": "2022-05-20T13:15:13.307",
"lastModified": "2024-10-08T09:15:06.100",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)"
},
{
"lang": "es",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -299,6 +319,26 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

44
CVE-2021/CVE-2021-318xx/CVE-2021-31890.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2021-31890",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-11-09T12:15:09.743",
"lastModified": "2022-05-20T13:15:13.400",
"lastModified": "2024-10-08T09:15:06.630",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)"
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)"
},
{
"lang": "es",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -278,6 +298,26 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"source": "productcert@siemens.com",

4
CVE-2022/CVE-2022-243xx/CVE-2022-24309.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-24309",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-03-08T12:15:11.580",
"lastModified": "2024-05-14T16:15:21.660",
"lastModified": "2024-10-08T09:15:07.060",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29), Mendix Applications using Mendix 8 (All versions < V8.18.16), Mendix Applications using Mendix 9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data."
"value": "A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data."
},
{
"lang": "es",

4
CVE-2022/CVE-2022-363xx/CVE-2022-36362.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-36362",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.103",
"lastModified": "2024-09-10T10:15:04.130",
"lastModified": "2024-10-08T09:15:07.417",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device."
},
{
"lang": "es",

64
CVE-2022/CVE-2022-45xx/CVE-2022-4534.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2022-4534",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-08T09:15:07.773",
"lastModified": "2024-10-08T09:15:07.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-348"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-limit-failed-login-attempts/tags/5.3/login.php#L466",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3163023/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/561ec1b2-ee26-4e0c-b437-d70b04be5b4c?source=cve",
"source": "security@wordfence.com"
}
]
}

6
CVE-2023/CVE-2023-263xx/CVE-2023-26319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26319",
"sourceIdentifier": "security@xiaomi.com",
"published": "2023-10-11T07:15:10.103",
"lastModified": "2023-10-16T19:02:59.867",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-08T09:15:08.063",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-77"
"value": "CWE-78"
}
]
}

4
CVE-2023/CVE-2023-462xx/CVE-2023-46280.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46280",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:15:40.800",
"lastModified": "2024-09-10T10:15:07.977",
"lastModified": "2024-10-08T09:15:08.837",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46281.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46281",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.653",
"lastModified": "2024-09-10T10:15:08.120",
"lastModified": "2024-10-08T09:15:09.133",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46282.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46282",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.870",
"lastModified": "2024-09-10T10:15:08.240",
"lastModified": "2024-10-08T09:15:09.323",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46283.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46283",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.067",
"lastModified": "2024-09-10T10:15:08.353",
"lastModified": "2024-10-08T09:15:09.543",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46284.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46284",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.273",
"lastModified": "2024-09-10T10:15:08.467",
"lastModified": "2024-10-08T09:15:09.700",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46285.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46285",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.477",
"lastModified": "2024-09-10T10:15:08.577",
"lastModified": "2024-10-08T09:15:09.907",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
},
{
"lang": "es",

100
CVE-2023/CVE-2023-529xx/CVE-2023-52952.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2023-52952",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:10.097",
"lastModified": "2024-10-08T09:15:10.097",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro+ (J31032-K2017-H436) (All versions >= V11.5.1 < V11.6.2). The Kiosk Mode of the affected devices contains a restricted desktop environment escape vulnerability. This could allow an unauthenticated local attacker to escape the restricted environment and gain access to the underlying operating system."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-424"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-540493.html",
"source": "productcert@siemens.com"
}
]
}

4
CVE-2024/CVE-2024-336xx/CVE-2024-33698.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-33698",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:09.707",
"lastModified": "2024-09-10T12:09:50.377",
"lastModified": "2024-10-08T09:15:10.463",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
"value": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-357xx/CVE-2024-35783.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-35783",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:09.937",
"lastModified": "2024-09-10T12:09:50.377",
"lastModified": "2024-10-08T09:15:10.740",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges."
"value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges."
},
{
"lang": "es",

8
CVE-2024/CVE-2024-379xx/CVE-2024-37996.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-37996",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-09T12:15:15.067",
"lastModified": "2024-07-09T18:19:14.047",
"lastModified": "2024-10-08T09:15:10.880",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
"value": "A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
@ -99,6 +99,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html",
"source": "productcert@siemens.com"
}
]
}

8
CVE-2024/CVE-2024-379xx/CVE-2024-37997.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-37997",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-09T12:15:15.280",
"lastModified": "2024-07-09T18:19:14.047",
"lastModified": "2024-10-08T09:15:11.020",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
@ -99,6 +99,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-417xx/CVE-2024-41798.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41798",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:11.177",
"lastModified": "2024-10-08T09:15:11.177",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by sniffing the Modbus clear text communication."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-850560.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41902.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41902",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:11.453",
"lastModified": "2024-10-08T09:15:11.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-626178.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41981.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41981",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:11.813",
"lastModified": "2024-10-08T09:15:11.813",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45463.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45463",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:12.080",
"lastModified": "2024-10-08T09:15:12.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45464.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45464",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:12.370",
"lastModified": "2024-10-08T09:15:12.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45465.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45465",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:12.640",
"lastModified": "2024-10-08T09:15:12.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45466.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45466",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:12.903",
"lastModified": "2024-10-08T09:15:12.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45467.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45467",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:13.180",
"lastModified": "2024-10-08T09:15:13.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45468.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45468",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:13.443",
"lastModified": "2024-10-08T09:15:13.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45469.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45469",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:13.757",
"lastModified": "2024-10-08T09:15:13.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45470.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45470",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:13.973",
"lastModified": "2024-10-08T09:15:13.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45471.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45471",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:14.293",
"lastModified": "2024-10-08T09:15:14.293",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45472.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45472",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:14.557",
"lastModified": "2024-10-08T09:15:14.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45473.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45473",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:14.860",
"lastModified": "2024-10-08T09:15:14.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45474.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45474",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:15.090",
"lastModified": "2024-10-08T09:15:15.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45475.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45475",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:15.457",
"lastModified": "2024-10-08T09:15:15.457",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-454xx/CVE-2024-45476.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-45476",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:15.830",
"lastModified": "2024-10-08T09:15:15.830",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted WRL files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-583523.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-468xx/CVE-2024-46886.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-46886",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:16.093",
"lastModified": "2024-10-08T09:15:16.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate user must actively click on an attacker-crafted link."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-876787.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-468xx/CVE-2024-46887.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-46887",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:16.447",
"lastModified": "2024-10-08T09:15:16.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle times as well as about configured maximum communication load."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-054046.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-470xx/CVE-2024-47046.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47046",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:16.757",
"lastModified": "2024-10-08T09:15:16.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-852501.html",
"source": "productcert@siemens.com"
}
]
}

78
CVE-2024/CVE-2024-470xx/CVE-2024-47095.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-47095",
"sourceIdentifier": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"published": "2024-10-08T08:15:02.237",
"lastModified": "2024-10-08T08:15:02.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.securin.io/zerodays/cve-2024-47095-reflected-cross-site-scripting-in-follett-school-solutions-destiny-library-manager/",
"source": "33c584b5-0579-4c06-b2a0-8d8329fcab9c"
}
]
}

100
CVE-2024/CVE-2024-471xx/CVE-2024-47194.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47194",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:17.047",
"lastModified": "2024-10-08T09:15:17.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vish2.exe from a user-writable directory."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-426509.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-471xx/CVE-2024-47195.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47195",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:17.300",
"lastModified": "2024-10-08T09:15:17.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch gdb.exe from a user-writable directory."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-426509.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-471xx/CVE-2024-47196.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47196",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:17.563",
"lastModified": "2024-10-08T09:15:17.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges in installations where administrators or processes with elevated privileges launch vsimk.exe from a user-writable directory."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-426509.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-475xx/CVE-2024-47553.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47553",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:17.847",
"lastModified": "2024-10-08T09:15:17.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command.\r\nThis could allow an authenticated, lowly privileged remote attacker to execute arbitrary code with root privileges on the underlying OS."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-430425.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-475xx/CVE-2024-47562.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47562",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:18.110",
"lastModified": "2024-10-08T09:15:18.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command.\r\nThis could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-430425.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-475xx/CVE-2024-47563.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47563",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:18.403",
"lastModified": "2024-10-08T09:15:18.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files.\r\nThis could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-430425.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-475xx/CVE-2024-47565.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-47565",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-10-08T09:15:18.730",
"lastModified": "2024-10-08T09:15:18.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values.\r\nThis could allow an authenticated remote attacker to compromise the integrity of the configuration of the affected application."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-183"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-430425.html",
"source": "productcert@siemens.com"
}
]
}

60
CVE-2024/CVE-2024-89xx/CVE-2024-8911.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-8911",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-08T09:15:19.077",
"lastModified": "2024-10-08T09:15:19.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user's password is only possible if the \"Use WordPress users as customers\" setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://wpdocs.latepoint.com/changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=cve",
"source": "security@wordfence.com"
}
]
}

60
CVE-2024/CVE-2024-89xx/CVE-2024-8943.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-8943",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-08T09:15:19.343",
"lastModified": "2024-10-08T09:15:19.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the \"Use WordPress users as customers\" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "https://wpdocs.latepoint.com/changelog/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bac8c35b-2afa-4347-b86e-2f16db19a4d3?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-89xx/CVE-2024-8964.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-8964",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-10-08T08:15:02.430",
"lastModified": "2024-10-08T08:15:02.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3162079/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/sirv/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39b2435f-32a3-4158-a734-c21a0cab15be?source=cve",
"source": "security@wordfence.com"
}
]
}

71
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-08T08:00:19.664471+00:00
2024-10-08T10:00:48.536267+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-08T07:15:06.170000+00:00
2024-10-08T09:15:19.343000+00:00
```
### Last Data Feed Release
@ -33,34 +33,65 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
264831
264864
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `33`
- [CVE-2024-34662](CVE-2024/CVE-2024-346xx/CVE-2024-34662.json) (`2024-10-08T07:15:03.037`)
- [CVE-2024-34663](CVE-2024/CVE-2024-346xx/CVE-2024-34663.json) (`2024-10-08T07:15:03.497`)
- [CVE-2024-34664](CVE-2024/CVE-2024-346xx/CVE-2024-34664.json) (`2024-10-08T07:15:03.750`)
- [CVE-2024-34665](CVE-2024/CVE-2024-346xx/CVE-2024-34665.json) (`2024-10-08T07:15:04.053`)
- [CVE-2024-34666](CVE-2024/CVE-2024-346xx/CVE-2024-34666.json) (`2024-10-08T07:15:04.363`)
- [CVE-2024-34667](CVE-2024/CVE-2024-346xx/CVE-2024-34667.json) (`2024-10-08T07:15:04.643`)
- [CVE-2024-34668](CVE-2024/CVE-2024-346xx/CVE-2024-34668.json) (`2024-10-08T07:15:04.897`)
- [CVE-2024-34669](CVE-2024/CVE-2024-346xx/CVE-2024-34669.json) (`2024-10-08T07:15:05.137`)
- [CVE-2024-34670](CVE-2024/CVE-2024-346xx/CVE-2024-34670.json) (`2024-10-08T07:15:05.390`)
- [CVE-2024-34671](CVE-2024/CVE-2024-346xx/CVE-2024-34671.json) (`2024-10-08T07:15:05.640`)
- [CVE-2024-34672](CVE-2024/CVE-2024-346xx/CVE-2024-34672.json) (`2024-10-08T07:15:05.880`)
- [CVE-2024-7206](CVE-2024/CVE-2024-72xx/CVE-2024-7206.json) (`2024-10-08T07:15:06.170`)
- [CVE-2024-8983](CVE-2024/CVE-2024-89xx/CVE-2024-8983.json) (`2024-10-08T06:15:02.490`)
- [CVE-2024-9021](CVE-2024/CVE-2024-90xx/CVE-2024-9021.json) (`2024-10-08T06:15:02.693`)
- [CVE-2024-9292](CVE-2024/CVE-2024-92xx/CVE-2024-9292.json) (`2024-10-08T06:15:02.773`)
- [CVE-2024-45466](CVE-2024/CVE-2024-454xx/CVE-2024-45466.json) (`2024-10-08T09:15:12.903`)
- [CVE-2024-45467](CVE-2024/CVE-2024-454xx/CVE-2024-45467.json) (`2024-10-08T09:15:13.180`)
- [CVE-2024-45468](CVE-2024/CVE-2024-454xx/CVE-2024-45468.json) (`2024-10-08T09:15:13.443`)
- [CVE-2024-45469](CVE-2024/CVE-2024-454xx/CVE-2024-45469.json) (`2024-10-08T09:15:13.757`)
- [CVE-2024-45470](CVE-2024/CVE-2024-454xx/CVE-2024-45470.json) (`2024-10-08T09:15:13.973`)
- [CVE-2024-45471](CVE-2024/CVE-2024-454xx/CVE-2024-45471.json) (`2024-10-08T09:15:14.293`)
- [CVE-2024-45472](CVE-2024/CVE-2024-454xx/CVE-2024-45472.json) (`2024-10-08T09:15:14.557`)
- [CVE-2024-45473](CVE-2024/CVE-2024-454xx/CVE-2024-45473.json) (`2024-10-08T09:15:14.860`)
- [CVE-2024-45474](CVE-2024/CVE-2024-454xx/CVE-2024-45474.json) (`2024-10-08T09:15:15.090`)
- [CVE-2024-45475](CVE-2024/CVE-2024-454xx/CVE-2024-45475.json) (`2024-10-08T09:15:15.457`)
- [CVE-2024-45476](CVE-2024/CVE-2024-454xx/CVE-2024-45476.json) (`2024-10-08T09:15:15.830`)
- [CVE-2024-46886](CVE-2024/CVE-2024-468xx/CVE-2024-46886.json) (`2024-10-08T09:15:16.093`)
- [CVE-2024-46887](CVE-2024/CVE-2024-468xx/CVE-2024-46887.json) (`2024-10-08T09:15:16.447`)
- [CVE-2024-47046](CVE-2024/CVE-2024-470xx/CVE-2024-47046.json) (`2024-10-08T09:15:16.757`)
- [CVE-2024-47095](CVE-2024/CVE-2024-470xx/CVE-2024-47095.json) (`2024-10-08T08:15:02.237`)
- [CVE-2024-47194](CVE-2024/CVE-2024-471xx/CVE-2024-47194.json) (`2024-10-08T09:15:17.047`)
- [CVE-2024-47195](CVE-2024/CVE-2024-471xx/CVE-2024-47195.json) (`2024-10-08T09:15:17.300`)
- [CVE-2024-47196](CVE-2024/CVE-2024-471xx/CVE-2024-47196.json) (`2024-10-08T09:15:17.563`)
- [CVE-2024-47553](CVE-2024/CVE-2024-475xx/CVE-2024-47553.json) (`2024-10-08T09:15:17.847`)
- [CVE-2024-47562](CVE-2024/CVE-2024-475xx/CVE-2024-47562.json) (`2024-10-08T09:15:18.110`)
- [CVE-2024-47563](CVE-2024/CVE-2024-475xx/CVE-2024-47563.json) (`2024-10-08T09:15:18.403`)
- [CVE-2024-47565](CVE-2024/CVE-2024-475xx/CVE-2024-47565.json) (`2024-10-08T09:15:18.730`)
- [CVE-2024-8911](CVE-2024/CVE-2024-89xx/CVE-2024-8911.json) (`2024-10-08T09:15:19.077`)
- [CVE-2024-8943](CVE-2024/CVE-2024-89xx/CVE-2024-8943.json) (`2024-10-08T09:15:19.343`)
- [CVE-2024-8964](CVE-2024/CVE-2024-89xx/CVE-2024-8964.json) (`2024-10-08T08:15:02.430`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `21`
- [CVE-2021-31344](CVE-2021/CVE-2021-313xx/CVE-2021-31344.json) (`2024-10-08T09:15:03.490`)
- [CVE-2021-31345](CVE-2021/CVE-2021-313xx/CVE-2021-31345.json) (`2024-10-08T09:15:04.067`)
- [CVE-2021-31346](CVE-2021/CVE-2021-313xx/CVE-2021-31346.json) (`2024-10-08T09:15:04.353`)
- [CVE-2021-31881](CVE-2021/CVE-2021-318xx/CVE-2021-31881.json) (`2024-10-08T09:15:04.740`)
- [CVE-2021-31882](CVE-2021/CVE-2021-318xx/CVE-2021-31882.json) (`2024-10-08T09:15:05.170`)
- [CVE-2021-31883](CVE-2021/CVE-2021-318xx/CVE-2021-31883.json) (`2024-10-08T09:15:05.633`)
- [CVE-2021-31889](CVE-2021/CVE-2021-318xx/CVE-2021-31889.json) (`2024-10-08T09:15:06.100`)
- [CVE-2021-31890](CVE-2021/CVE-2021-318xx/CVE-2021-31890.json) (`2024-10-08T09:15:06.630`)
- [CVE-2022-24309](CVE-2022/CVE-2022-243xx/CVE-2022-24309.json) (`2024-10-08T09:15:07.060`)
- [CVE-2022-36362](CVE-2022/CVE-2022-363xx/CVE-2022-36362.json) (`2024-10-08T09:15:07.417`)
- [CVE-2023-26319](CVE-2023/CVE-2023-263xx/CVE-2023-26319.json) (`2024-10-08T09:15:08.063`)
- [CVE-2023-46280](CVE-2023/CVE-2023-462xx/CVE-2023-46280.json) (`2024-10-08T09:15:08.837`)
- [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2024-10-08T09:15:09.133`)
- [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2024-10-08T09:15:09.323`)
- [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2024-10-08T09:15:09.543`)
- [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2024-10-08T09:15:09.700`)
- [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2024-10-08T09:15:09.907`)
- [CVE-2024-33698](CVE-2024/CVE-2024-336xx/CVE-2024-33698.json) (`2024-10-08T09:15:10.463`)
- [CVE-2024-35783](CVE-2024/CVE-2024-357xx/CVE-2024-35783.json) (`2024-10-08T09:15:10.740`)
- [CVE-2024-37996](CVE-2024/CVE-2024-379xx/CVE-2024-37996.json) (`2024-10-08T09:15:10.880`)
- [CVE-2024-37997](CVE-2024/CVE-2024-379xx/CVE-2024-37997.json) (`2024-10-08T09:15:11.020`)
## Download and Usage

105
_state.csv
View File

@ -175350,9 +175350,9 @@ CVE-2021-31340,0,0,81e659a78550cfde841cf4adb1801ead910aa7b17800272e272e3f0a2bf43
CVE-2021-31341,0,0,76b6c6810d10f906f324530af75805d78c1849a86ff7dbc8d8d0ac3d7c6b950b,2021-05-20T18:53:02.400000
CVE-2021-31342,0,0,9e7702c3cf02fd3a99684c2a937b08515039dd4fb4d807a0558e3b48e69dfa9d,2021-09-21T19:16:23.917000
CVE-2021-31343,0,0,a873e06009e9f703eb4059cbb7ef63971982f800ea52bf25aaf1ec7fd763e4de,2021-09-21T19:16:20.807000
CVE-2021-31344,0,0,6f3b20be218691f936f9efd3cb81c89acd26edd9a58db6d5a9df28271de08392,2022-05-20T13:15:12.027000
CVE-2021-31345,0,0,f11fdd09f947a5abf52d8cc49edb01998cbc95d642913807f6728c8dc20662b8,2022-05-20T13:15:12.130000
CVE-2021-31346,0,0,b93223210f0930d84717f0f797a6c3d544be288730700097ef26b3e15628b7b9,2022-05-20T13:15:12.237000
CVE-2021-31344,0,1,12a2df4a54de5f6dd092ce64528cd4ed88896e238c79be0a1ee50e8444523858,2024-10-08T09:15:03.490000
CVE-2021-31345,0,1,2739eaec20d9124bffe79e4e670882ce4e84f8720e8d9a8f05f44ab5571a4d98,2024-10-08T09:15:04.067000
CVE-2021-31346,0,1,cc3385993066773154618f0070c2eda0c55a3946b5eeddf23f643f86afc6ad01,2024-10-08T09:15:04.353000
CVE-2021-31347,0,0,65a47f1c5c3f2e2d617a4995d8dc5eb60e603a2e4c9e62b0795a2b777ca61217,2022-04-19T03:47:53.463000
CVE-2021-31348,0,0,1d2d405006e0f603e487c204625280dead58b1868199dfaab4b8c9bdfc703f80,2022-05-03T16:04:40.443000
CVE-2021-31349,0,0,7929d1051dae95ad4bbb4ad131be300300c21d7442ae467b9831e29a4c033d27,2022-10-25T15:32:54.757000
@ -175774,17 +175774,17 @@ CVE-2021-31877,0,0,f6e53f089f1129fadfb6639d91d5b1ca15bf179e05d3927428ae824c37e9c
CVE-2021-31878,0,0,68dcd2f64e690767d2e60c800aaf36788d70e34ee8642ec80f7faaf8f7489f7c,2021-08-07T02:05:55.693000
CVE-2021-31879,0,0,843232e3ee064a8187c91fb0aac1cd20796d5f2c07e762fc8d96c9b79e21b052,2022-05-13T20:52:24.793000
CVE-2021-3188,0,0,b28df706fdd2e316cd435102523f7317ee18592edb914f3bbbc720584790de03,2021-02-03T23:07:34.967000
CVE-2021-31881,0,0,c4e215d1f4f18d2e1ddce7b864a4cc6af073d38502042d3546efac2db9fd637e,2022-05-20T13:15:12.327000
CVE-2021-31882,0,0,f442eeaf7813bf5e9bae8571986fee3e75c0341b03e25b71356c8033cf1bdaaf,2022-05-20T13:15:12.420000
CVE-2021-31883,0,0,672378cfe68ab9a06e2d5fd0429feb607d4c950700029b61ac57dd39658335de,2022-05-20T13:15:12.510000
CVE-2021-31881,0,1,4489ec89612d3ec04bd980c61a5f757146327da0d2b32111f067375a6c32d84e,2024-10-08T09:15:04.740000
CVE-2021-31882,0,1,5f5644d3957e4ef0f581d49748eaee6a356d02d37f2f2a076008f6478dd75766,2024-10-08T09:15:05.170000
CVE-2021-31883,0,1,fd2d964b882cd6a851c17ea0c20708746ff27aaf164a21ff9601aafddbc4d477,2024-10-08T09:15:05.633000
CVE-2021-31884,0,0,6759f6606a57ad07fd20f9e72a13f53994c1e13a31f60006a8340fb63b31d53b,2023-06-26T19:15:56.157000
CVE-2021-31885,0,0,b073842476e2e0db701938c725371017c8807b410a5d31d25aaac13d1096e897,2022-05-20T13:15:12.843000
CVE-2021-31886,0,0,11de9e23972973e3e77a6a76fe1133452ac161db28b938272b62a8fc8b5eeed4,2023-02-10T15:38:07.227000
CVE-2021-31887,0,0,1be1d32b9c438b64c98f0434bcbbbc8f185ca810f059fb9bc0d817b747be6707,2023-03-13T15:28:09.447000
CVE-2021-31888,0,0,84deb77b4b68203dbde079fc3c3f837f826f1f309413fa13d13dc65170e6ce4d,2023-05-16T10:50:54.340000
CVE-2021-31889,0,0,564712112e8a57d27f57338763be3314a7914902f1bc3757378812cd6f32da39,2022-05-20T13:15:13.307000
CVE-2021-31889,0,1,eb80e5b0065dd6a796fa9dfb249874f6b223282c46e087088e7853cff601ba6f,2024-10-08T09:15:06.100000
CVE-2021-3189,0,0,c7a367be3e2865bc463cd01776b20c2a4a0f8f6381f1d4111c654f0f0e854812,2022-05-23T22:09:59.653000
CVE-2021-31890,0,0,7be741a9294035c94692538b356040a011aac1c6a9e53e72fc321a6908162571,2022-05-20T13:15:13.400000
CVE-2021-31890,0,1,ee3088ec01475738d4801bfd725b2e5e2d62ee57bed042c2aef0a16d4fa825df,2024-10-08T09:15:06.630000
CVE-2021-31891,0,0,a7ab96d37e05b209f62dc269be6807f5265898475a0422f5ac5892e5c9e87b73,2021-09-28T16:48:53.480000
CVE-2021-31892,0,0,9de46e08fbf58de0335da8dc86569f9d763dc7f7ca97a5fb2731038553b54a2a,2021-08-09T16:26:16.037000
CVE-2021-31893,0,0,b32fb7410b43273f1755d2c50f18866c9bd93a3876cfebced957f70acc301bad,2021-08-06T14:03:32.707000
@ -193368,7 +193368,7 @@ CVE-2022-24305,0,0,30e88969b27ec81e2e26f940254ad125ad83eacee7d10dfbbcb908b27e30a
CVE-2022-24306,0,0,28af1800a1599f60ff69eaa510c90c64689831c90cca2e32ad84606b56a58bf0,2022-03-09T19:08:59.807000
CVE-2022-24307,0,0,6a7e4d3b525dd43e9e62cd43b7fda0de1e482af1142613dc0593c97092227c8f,2022-02-09T15:02:35.453000
CVE-2022-24308,0,0,55cfc3c58dad7bbdb944b25507524b904e531a23e2ef982a5587add45849f68d,2022-04-20T17:41:40.333000
CVE-2022-24309,0,0,93709e36d3556980adb7615140202b31a8905324206eb744c9189acf4e2dbcd5,2024-05-14T16:15:21.660000
CVE-2022-24309,0,1,9f012ec80310a05446e01cd0f5bba8c855448c2e68099864fa795d564b2456d3,2024-10-08T09:15:07.060000
CVE-2022-2431,0,0,e3e1b9e175bb6712c260829a0ad8e137bdaac66f28edc4c8cf16daec00c382fb,2022-09-09T03:12:17.733000
CVE-2022-24310,0,0,9302212263e14f345a0a4ab862a335a74ddba2369a3abcbe70badbc57ff98b41,2022-02-17T02:28:10.480000
CVE-2022-24311,0,0,32da23d95df73b33f04742c3142c54b395cfaad549f4782e2e21d6aba3ff608e,2022-02-17T02:42:48.017000
@ -203251,7 +203251,7 @@ CVE-2022-36359,0,0,cb59ce0a1c10a8b366e24bb22c2634854382cda0af52bd35f65d6f2a075f8
CVE-2022-3636,0,0,75def10d60d16bfb23d7c718385ffde793518980bc9e421807aeed368708b292,2023-11-07T03:51:33.507000
CVE-2022-36360,0,0,3a982649b709c80e5c0ecf462b67c3cb8e32cf61f278c7330a7537ab517de962,2023-07-21T20:06:03.153000
CVE-2022-36361,0,0,30db183bf570f4df7aa5f3f073a7a9c3769da15bca80894dfc43ffc7b13bcbf7,2024-09-10T10:15:03.930000
CVE-2022-36362,0,0,1103eb4bc71fc4be90ea02d583825c3b3ae2dcc74c56c41563d9536a9fd87449,2024-09-10T10:15:04.130000
CVE-2022-36362,0,1,4e3a9a1d62cfbd7a0f263ddbf1ce3ee17c88e93f35db59a0de1903934990470b,2024-10-08T09:15:07.417000
CVE-2022-36363,0,0,a78b894b4055654277f23131fc9f3afeaa75366b708d5e010f43fef96049bff0,2024-09-10T10:15:04.293000
CVE-2022-36364,0,0,738cd4acef905c428d04eb94247dcf9d6abd767f5a3dcc49e386ec9b30cce505,2022-08-03T19:36:48.113000
CVE-2022-36365,0,0,b808a7363f78b14f06a56cc19ea136df22e3d54cb59b56676f130ce4a39e706a,2022-09-23T16:53:26.720000
@ -209926,6 +209926,7 @@ CVE-2022-45331,0,0,d56f749377ee32baee9704d453f5cd7e14fbd7458db161db1deffebffb365
CVE-2022-45332,0,0,94e4da01e7f2e9d6ba2c8e99622553188f4f4167cbc35169367dcc156794dbb9,2022-12-02T16:00:13.253000
CVE-2022-45337,0,0,830eb8f9f5adeb6c6998db938ed05d61122b66828a8f1ab6eeac86e2a3a672e9,2022-12-02T16:02:46.090000
CVE-2022-45338,0,0,db1e020348022570d7195413db7fcda6e9a2a1a6fd517d6e5e1f9a26657625c1,2022-12-21T14:20:14.273000
CVE-2022-4534,1,1,2bb406e0fc52b7db4f61b8152412d6c659d5c0e00270df609baeae3e3d515f25,2024-10-08T09:15:07.773000
CVE-2022-45343,0,0,5d1eedc5ac96b36b5cac78d0ad63fbfaf79649ad176111ac6e98fd0014b02356,2023-05-27T04:15:22.513000
CVE-2022-45347,0,0,aa840505d505f8cfa34c393e60695382d9a7dc0e3a08e26dd265dd2e128ee0a3,2022-12-29T20:05:34.053000
CVE-2022-45348,0,0,601a6349d6b996a0ea4f19d771a9774f413bffbd95ae45426ab597a152ee65c0,2023-11-15T02:22:44.767000
@ -219755,7 +219756,7 @@ CVE-2023-26315,0,0,7e3ab4d47f5232ab5703d804bcec5bfd7f9220cde67501bbc57773ca3ee6b
CVE-2023-26316,0,0,b25055cc7c5cea8ff22d07e70ae7c2d4333af8a0444497a6d65e59a6b9965ec0,2023-08-07T18:01:47.890000
CVE-2023-26317,0,0,4436e84cd6ff81a4e8afb76597369a2fd42bffc02b7acdc50dcdee19196a2376,2023-08-07T16:18:22.053000
CVE-2023-26318,0,0,d49830620df46f2dde3da449a5ab4d59351f38e41e437bccf559cb5c96c8a3d5,2023-10-16T19:00:41.267000
CVE-2023-26319,0,0,3dd6441fbb2cf89b0e957e6f3f556dd38ea034f50ae932ae756d43f14248f8cd,2023-10-16T19:02:59.867000
CVE-2023-26319,0,1,1de69e6974ce8a3c4bdf934120d81d5d84393cebf6f1612106dd462e53700950,2024-10-08T09:15:08.063000
CVE-2023-2632,0,0,301898869b5a60457376f20e3b7ea036dcafa847ec705a351ca3cee971a25c85,2023-05-25T16:08:28.660000
CVE-2023-26320,0,0,ce18ada0dab81b6e3cbb23f236fe2120ff674b38177ae9eb5db23adbd1986f1c,2023-10-16T19:04:10.920000
CVE-2023-26321,0,0,d33084a4619b34020e5cad70ec2c1cf000cd57168b5863ef38a39364048a08a8,2024-09-12T16:29:14.277000
@ -234675,12 +234676,12 @@ CVE-2023-46277,0,0,be6fe4d0b7cb70dd6214423a62fcfe115996bdd636e939e24cf7a25f94904
CVE-2023-46278,0,0,283a5f4d3b1f995039a2ae4f0ff4efe94da460721819375532b8f8104a5b1ff6,2023-11-08T23:22:08.177000
CVE-2023-46279,0,0,cad5cbf92c67be5e79c0f7d5a9fbe732104c543f1cf9a464893a67bc498495cf,2023-12-19T17:40:49.427000
CVE-2023-4628,0,0,9dd80f318e00bb6d35ea5e4f6175e104ad476846cbe758532913d6d17d532560,2024-03-12T12:40:13.500000
CVE-2023-46280,0,0,6c4ae465a1a29eb48d8c66a506b7f4dad5a6f2dc11c8a39d8c97bb7101790bfe,2024-09-10T10:15:07.977000
CVE-2023-46281,0,0,1e926556c2b0c2764b09b15d3e0f670867c2e23c1e27f3d771db237b5074466b,2024-09-10T10:15:08.120000
CVE-2023-46282,0,0,e0658985a81f649ad95060ef0b8bfcae0fbe476d89f85755890e814337bcc7ab,2024-09-10T10:15:08.240000
CVE-2023-46283,0,0,615dd1fc03d6e85ef09325d26ea8f1c698be99786bde20fb8bd0f45a029cf2d9,2024-09-10T10:15:08.353000
CVE-2023-46284,0,0,a2e91682c3e6b5d3f42eb474c6f7070bd0c24032987fe78825aef832105252c9,2024-09-10T10:15:08.467000
CVE-2023-46285,0,0,589c73dbf1b1b0d4f93cf2fa1fcc3d65fe2d268f13d974e4bce39dcb7c289fb7,2024-09-10T10:15:08.577000
CVE-2023-46280,0,1,a0e3fe6ae91ee7f09021f5fdb3675442fb2d9799f06011e7ab582b571499d5b7,2024-10-08T09:15:08.837000
CVE-2023-46281,0,1,9e42d11f6e44c68ffa995cada1abff96d1cb7f7ad10f82a0b722d5cacfd60b73,2024-10-08T09:15:09.133000
CVE-2023-46282,0,1,f4d05dc2bb1859eaf46348465b22815a02beeb115bddd8ce8cb8d563024f8e04,2024-10-08T09:15:09.323000
CVE-2023-46283,0,1,be6dc8aece8c2be89e9f46d04539c09aa93d6ddf8cc93d640545f5b056809e56,2024-10-08T09:15:09.543000
CVE-2023-46284,0,1,dbee4cdb765a4ecc4e6c27a4431f81b880c9e2db09f316eb45ceea5b194f68fd,2024-10-08T09:15:09.700000
CVE-2023-46285,0,1,fbd0788c5bdbefa61c2c79d309e0b33628e75c34bc88276c5ad7e016e437c9cd,2024-10-08T09:15:09.907000
CVE-2023-46287,0,0,85a909e3e554790149fd7a7bdc6ee45250511abf7ba5aad16e27d821e125bedd,2023-10-26T17:05:56.627000
CVE-2023-46288,0,0,4e7c3d0f2a47c2cdb963e20693070bcb74b570c31f4c02925a81ed68bcc5f5b3,2024-05-01T18:15:10.563000
CVE-2023-46289,0,0,b718fe11c7d9982447dba29076a54dbfa45cb0ef9825d49911b46533095026f6,2023-11-07T18:18:35.950000
@ -239469,6 +239470,7 @@ CVE-2023-52948,0,0,f79919aed1747abb868b7504103d5ade0b888b12580c06d7084afbaa6db54
CVE-2023-52949,0,0,57e7b479eb0b4cd4da85e5578fdc01b85634bb050edda133619d47c1369d88c5,2024-10-02T15:26:32.077000
CVE-2023-5295,0,0,41c6baf71065d9210a6020c54df01a479effe3ab43eb4f6a24f246bdbfb6c99e,2023-11-07T04:23:49.733000
CVE-2023-52950,0,0,8f3573aeaa08ecbde7fa2e7d1621b857fef69d5f70409675af871fb9ea9d77f3,2024-10-02T15:26:33.837000
CVE-2023-52952,1,1,8062ec4a56491efd39fec21d68c9e134f915959fdc68c2325eb2dcd8149ebfb7,2024-10-08T09:15:10.097000
CVE-2023-5296,0,0,476d33b024be332ac896dbf35bcf9a4f784c8ee1e5e045f6783134e6c34f6d9c,2024-05-17T02:32:59.083000
CVE-2023-5297,0,0,ae358353c2ceed16fa9e9e76c2608b86123b91774a8853eb6bb1140ab0dca019,2024-05-17T02:32:59.190000
CVE-2023-5298,0,0,b737514e302eee8d165af79674626b1e30c9fc6b7145814e6b6dce9deaaa8577,2024-05-17T02:32:59.290000
@ -252907,7 +252909,7 @@ CVE-2024-33694,0,0,26d440cb75dcd86544ffadb69d95d3097f1e6a23ac05fe9a05fb2494be46d
CVE-2024-33695,0,0,496bc8a3b6cc06e0f2cb2ff5ef3180780eefdd07d63e68d063cf97ba79dd8598,2024-04-26T15:32:22.523000
CVE-2024-33696,0,0,8adc0db7b8cce33b994e835fa3f282e25f1f4ef5644a2aed7cd50d800fe731e7,2024-04-26T15:32:22.523000
CVE-2024-33697,0,0,4a571113caa6ccf495d29be30608c42f9dddf9084d1562bed260e698c04aae88,2024-04-26T15:32:22.523000
CVE-2024-33698,0,0,a8c5e7c040b3c6d1c0f9bc21543a8682893b5aa4922da330e8b0355256cea828,2024-09-10T12:09:50.377000
CVE-2024-33698,0,1,757107609bb2e6f896c0b7f0b6fa39b8f34d961ef227f03387260ef6a53fe2d1,2024-10-08T09:15:10.463000
CVE-2024-3371,0,0,d2e6ea20ce5eb692a4e48c27aedae40a56c8f7db204eed4d633cbd78a04f68c4,2024-04-26T15:15:49.357000
CVE-2024-3372,0,0,a196d1e45ccce196e4deb1ea2387c2fe4f6bf89b27a8a7cd4be5ebcd31c9a0db,2024-05-14T19:17:55.627000
CVE-2024-3373,0,0,02bb0a6a8cf1c8cb960f2645d7165e4c706cc177e4cf5e50be0530bbf35b3163,2024-09-30T12:45:57.823000
@ -253637,18 +253639,18 @@ CVE-2024-34659,0,0,dd3f9420e24bf859148c793c2123fe1fcf6f82da97ec67367518f44415c24
CVE-2024-3466,0,0,0337eeb2bb11dc2971562c8acd5fd5c98aad745dda4239343a7e69d2339c0489,2024-05-17T02:39:57.717000
CVE-2024-34660,0,0,0b2d2bea24d7fa6e914da9f7286c2cb2a544faaaec97dda10fa17e8966604e75,2024-09-05T13:30:28.343000
CVE-2024-34661,0,0,39eda7ed3fc18d4431971deb4f86b7b12866001e42dbec50f2575ba9405dbbce,2024-09-05T17:57:44.563000
CVE-2024-34662,1,1,574bcc52a06b80a184db55e39e42f577f3eb2ac2c9e56990a9056ed9978a5fa3,2024-10-08T07:15:03.037000
CVE-2024-34663,1,1,a6d6d89b597b071425d4775658bca7740fdc4ccb904435f31e03a35b8e084c44,2024-10-08T07:15:03.497000
CVE-2024-34664,1,1,b0af6d2fc1effb7b63974ab8e8a92e961cf04539a6c86c6964eaa2d7a5090b66,2024-10-08T07:15:03.750000
CVE-2024-34665,1,1,2d53a80469076a1546e02c704527cccd1c32ff6a09c90b24270125015344ba02,2024-10-08T07:15:04.053000
CVE-2024-34666,1,1,c9ac7b71efa68743532de986da23df68a4fcb4b6c34a9d5da7e8f87c3190bd6c,2024-10-08T07:15:04.363000
CVE-2024-34667,1,1,0d57a5c5f557dd6a961615a2dd140274be92d154455088a467a06b9482035a70,2024-10-08T07:15:04.643000
CVE-2024-34668,1,1,6052d389156dfea6a5f5227a2b21ac0bf6fdcd812b2273c21c8b009aab64124c,2024-10-08T07:15:04.897000
CVE-2024-34669,1,1,dd5bef890e33b20a163fb8f5195212c70ad93f1a6de94397e5b8247bd53ca307,2024-10-08T07:15:05.137000
CVE-2024-34662,0,0,574bcc52a06b80a184db55e39e42f577f3eb2ac2c9e56990a9056ed9978a5fa3,2024-10-08T07:15:03.037000
CVE-2024-34663,0,0,a6d6d89b597b071425d4775658bca7740fdc4ccb904435f31e03a35b8e084c44,2024-10-08T07:15:03.497000
CVE-2024-34664,0,0,b0af6d2fc1effb7b63974ab8e8a92e961cf04539a6c86c6964eaa2d7a5090b66,2024-10-08T07:15:03.750000
CVE-2024-34665,0,0,2d53a80469076a1546e02c704527cccd1c32ff6a09c90b24270125015344ba02,2024-10-08T07:15:04.053000
CVE-2024-34666,0,0,c9ac7b71efa68743532de986da23df68a4fcb4b6c34a9d5da7e8f87c3190bd6c,2024-10-08T07:15:04.363000
CVE-2024-34667,0,0,0d57a5c5f557dd6a961615a2dd140274be92d154455088a467a06b9482035a70,2024-10-08T07:15:04.643000
CVE-2024-34668,0,0,6052d389156dfea6a5f5227a2b21ac0bf6fdcd812b2273c21c8b009aab64124c,2024-10-08T07:15:04.897000
CVE-2024-34669,0,0,dd5bef890e33b20a163fb8f5195212c70ad93f1a6de94397e5b8247bd53ca307,2024-10-08T07:15:05.137000
CVE-2024-3467,0,0,cacb4fff60c492ce28d24c855ee87196a20d1b51cff8acadb6d43f71f0e4e429,2024-10-03T19:47:06.097000
CVE-2024-34670,1,1,9a9e2ea710b373c9ee89fece9c4d6ebf7bcf07bbd7c768c7ac42b417644fa815,2024-10-08T07:15:05.390000
CVE-2024-34671,1,1,fee5d12a716506c9dc2da2f269d419cc85082e626addf54f7e2de8560f43efb1,2024-10-08T07:15:05.640000
CVE-2024-34672,1,1,65f2d64f7ec08214ffd88296e0fee3b1668bd3b30a800854d956c3f490a6effe,2024-10-08T07:15:05.880000
CVE-2024-34670,0,0,9a9e2ea710b373c9ee89fece9c4d6ebf7bcf07bbd7c768c7ac42b417644fa815,2024-10-08T07:15:05.390000
CVE-2024-34671,0,0,fee5d12a716506c9dc2da2f269d419cc85082e626addf54f7e2de8560f43efb1,2024-10-08T07:15:05.640000
CVE-2024-34672,0,0,65f2d64f7ec08214ffd88296e0fee3b1668bd3b30a800854d956c3f490a6effe,2024-10-08T07:15:05.880000
CVE-2024-3468,0,0,9cbc57c509ee4c447cef04d212cb9221d0311dbaa25def2d7e51d8a8ca44ea39,2024-06-13T18:36:09.010000
CVE-2024-34683,0,0,9d29c0ceca80aeb9ddf34072d48291a9d5d5d5decac1bcbe5defe30bff14c867,2024-08-09T20:04:44.060000
CVE-2024-34684,0,0,e8c75614bfdf726402b2e2e5ba5b4d9d3d56d8e0e55be88a08ea86e305e764ec,2024-08-09T19:15:17.677000
@ -254330,7 +254332,7 @@ CVE-2024-35779,0,0,706445338be7aae5f251c8b956a0c3bf0868336274fe9963a1a9e43c59067
CVE-2024-35780,0,0,685b106b3d65ae1869c2c1c35a0354f69b2eb70c614d38b4e2c684c295e7d786,2024-06-20T12:44:01.637000
CVE-2024-35781,0,0,aa3ec547f8f8f306fe8ea0fb55240637cbf26b27603624da2638b54b69436759,2024-06-24T19:15:58.517000
CVE-2024-35782,0,0,dbc038df298fe5384dd87379cd2931409975f0d218f64474d4c9dcc1abcf8e97,2024-06-05T19:50:20.463000
CVE-2024-35783,0,0,8acb9b63137f8c44b720317f1c62716f73ba2d38715c4524cc52873fd8917bf6,2024-09-10T12:09:50.377000
CVE-2024-35783,0,1,a821ae65f3934f85f11eead938e9cdce5096c9b4889b6ccd7b78234559d922b9,2024-10-08T09:15:10.740000
CVE-2024-35784,0,0,5d7a60327e3aea236c6954addcecd342bc4303bf9f4ddbf6fdcb56f7d7e890e7,2024-05-17T18:35:35.070000
CVE-2024-35785,0,0,99251cf0758a83ae7f60c2f912cfb4919a76584c6054f38cf9392b41ad4b090a,2024-06-25T23:15:30.160000
CVE-2024-35786,0,0,e8af1ef6ccd4fa218271a6a20ff9f509feb225a9368ed4f0a4c142495813a3de,2024-05-17T18:35:35.070000
@ -255898,8 +255900,8 @@ CVE-2024-37992,0,0,6cf5910b8bbfc6e4bbf8511b3622b0bb295aa3b8b1ce93a159c1abe8bc1e5
CVE-2024-37993,0,0,ccdbccfd8d20c45e847ed3305bd3d1d68f634bb8b22e3e08af2c388cfb81c3e4,2024-09-18T15:32:26.037000
CVE-2024-37994,0,0,f6c2b537912c7f76236be34918e554ed4af1a8005c652c14c816895c9d7442f1,2024-09-18T15:35:17.403000
CVE-2024-37995,0,0,7823f83a92d1c5d9fcab4eff076ef9a6f54ea81c7f492fff881334a568a7b5e6,2024-09-18T15:37:15.130000
CVE-2024-37996,0,0,e39e1581961cad8f5d5dd910100078a11657ad2090cbed7264c9a8bad1310bf5,2024-07-09T18:19:14.047000
CVE-2024-37997,0,0,880ea769e8919f97f57b9878ce449ed40b5cbca31c8883be4629ac4f6a893243,2024-07-09T18:19:14.047000
CVE-2024-37996,0,1,cdbb87da05f7a9e973ad2a7a8d2b1fa06b5319a3d2e5b15925de930eff209af6,2024-10-08T09:15:10.880000
CVE-2024-37997,0,1,10214765491aa29b8c34faf22f5e8238fda623005890c9342516743753b6cf74,2024-10-08T09:15:11.020000
CVE-2024-37998,0,0,f74f0aee21c1d0ed189b1b53893b54b9b769e53300f2261ee57ad9c992f023c0,2024-07-24T12:55:13.223000
CVE-2024-37999,0,0,8cc7ef29669a6bf56abc5c4d9d499ae722d49a7fd7f5699024acadd03ad23f41,2024-07-11T14:44:57.050000
CVE-2024-3800,0,0,f8f57ef4bdedf9e336bba69e6db949ed7a578f3b2a10988d7c69ed3685de0000,2024-07-03T14:36:22.273000
@ -258248,6 +258250,7 @@ CVE-2024-4176,0,0,2a1e283cc95c7d3d47b09f457f96512613ab4fb1878e9b333c02ce78f75d83
CVE-2024-4177,0,0,e1d6d87dc8ef62b0d8de94cfe98a875b1cbd39c3640e8e02d8d5a4e8bb3cca88,2024-06-11T17:53:13.710000
CVE-2024-41773,0,0,73b68ae1e3819b7d1bac9bdaf38a7a90512524d32ae7dfbb950bef5b99d479bb,2024-08-26T18:33:07.997000
CVE-2024-41774,0,0,efcbfdf7ce18fcd97c6ecc860adabe2a80f23f77068d5d032fbe380664ccfbc3,2024-08-24T11:15:05.670000
CVE-2024-41798,1,1,45064c10f8f66685c2ca5eb5e6524b723fbfece171e686c7f4bf27f18de990ec,2024-10-08T09:15:11.177000
CVE-2024-41799,0,0,7695f1ee4025235dd7412142131ce8d75a7b17a18d3cf669cff383f93f7dba19,2024-07-29T16:21:52.517000
CVE-2024-4180,0,0,89f84993baa10ab5b41ed58678b5b9e31ff190980a67ee18130266156f7434fc,2024-06-04T16:57:41.053000
CVE-2024-41800,0,0,8108ad4aec84b72160a0ba583493fdb39a6a8216c757ba571a1ca2a1589843b7,2024-08-26T16:33:17.150000
@ -258336,6 +258339,7 @@ CVE-2024-41888,0,0,551a193b56683c8a955974406454da46e806e6e58f5cbc2dcb8dc5dd231b9
CVE-2024-41889,0,0,c2f8146a4c074f06a28a6e2235a6e3d92ccee3a8823a7bd377c0c9b959c16c5c,2024-08-30T17:53:40.897000
CVE-2024-41890,0,0,a90af16c8c7558e5227ebbc511a4c71519b3a4532e07b0a451c0d8da1663fee0,2024-08-29T12:56:47.413000
CVE-2024-4190,0,0,937461468fcd73b26e47070e7d0620ac3009210ef2f47e2156f0b87dd1c21bc4,2024-06-13T18:36:09.013000
CVE-2024-41902,1,1,1af5dd71fb75c2a1e22474726778e298e8dc0e50797e6bc9a7e22f1558bae165,2024-10-08T09:15:11.453000
CVE-2024-41903,0,0,67dddda11208425a9dbc345fc58604fc5d7cb0caf7e9b81aadfd0fc331e40c63,2024-08-14T18:39:21.207000
CVE-2024-41904,0,0,2a16ff348e5db01cbd9004bb6da7c38aafbed87ec5d8a582eda1208aebd9a27c,2024-08-14T18:39:32.883000
CVE-2024-41905,0,0,ac139d9e01d82a616a25e6137ffc628fc7fb451519deab8e50230ba67daa3137,2024-08-14T18:03:07.660000
@ -258399,6 +258403,7 @@ CVE-2024-41976,0,0,28d622db4b0702423d465fd5f760fc3d4baf285e2f7024720bdb5fee42ef0
CVE-2024-41977,0,0,d5d8e1f89415d399848bf3d43d8f9a317c22096ecf54afde801686a9741da6f6,2024-08-23T18:39:13.990000
CVE-2024-41978,0,0,bd0d09a1a56dc8d7414c845b0662922159c0a17b71c017862473bb9d2c3c7ab8,2024-08-23T18:34:36.283000
CVE-2024-4198,0,0,10694c0c68dfe4c7db6b33a26dfbe4eb44c2b4223bfed9be5285208f068f86b9,2024-04-26T12:58:17.720000
CVE-2024-41981,1,1,89dccb9a9b1a619fb921e09cbfe17d569e7ded13d8b2b873ee6df56a9287f000,2024-10-08T09:15:11.813000
CVE-2024-41987,0,0,2f4f37771c64bca6e8bc71abc128fccafab15d1bd7c04aa54df908658ca64cbb,2024-10-04T13:50:43.727000
CVE-2024-41988,0,0,55a7396f021c4e6e2381c6c9dc94df55d597f6b964a5b9492a46da16c19f42d9,2024-10-04T13:50:43.727000
CVE-2024-41989,0,0,e902f47b7607adc4839df00802ec4b9f801f5195050e557f24fe6e1b06bacb3c,2024-08-08T20:35:11.140000
@ -260346,7 +260351,21 @@ CVE-2024-45458,0,0,a61716ce0d3fef0ec6cc594d56bae2d0a9a90d5b7d46e3aad6884d33d8f55
CVE-2024-45459,0,0,9b179c3f3fb0a5657b063c5e1d95801691f8f9a5515abf4db8b2da6f6597452a,2024-09-27T14:46:32.483000
CVE-2024-4546,0,0,da973c82a9042d639d29e7a0c2ffb48d440dea200e6df21027887041c43a68db,2024-05-16T13:03:05.353000
CVE-2024-45460,0,0,b05278f65cfdb1f7853ef120543347199a3969bb30d487211ecff7d9eae8c937,2024-09-27T14:51:08.120000
CVE-2024-45463,1,1,b14997d449296e3ed398a216c9426912006440d0f9f4e31a4f43d6c99b114476,2024-10-08T09:15:12.080000
CVE-2024-45464,1,1,7259f44dad4ce5cac860aabc1d83bc5c6e96205277387d6a67190538c1464fe0,2024-10-08T09:15:12.370000
CVE-2024-45465,1,1,dbeef31841d83ce51707353a4b6f0872824f7e29c8043778011ed6ba496a7cff,2024-10-08T09:15:12.640000
CVE-2024-45466,1,1,6c8b2e0bcdf1d2386217ab64b855f51f733e5ad98db319a189aef00766206aa7,2024-10-08T09:15:12.903000
CVE-2024-45467,1,1,d65e3a662794482ec0b77c0d06807c77eaa02478b39a7d61b66fce51c29add7b,2024-10-08T09:15:13.180000
CVE-2024-45468,1,1,bf2b6b7f670672018c0f6567f697a4accb76014a11e2f39333e29ab1e78697eb,2024-10-08T09:15:13.443000
CVE-2024-45469,1,1,e0ce23d1b6d06f90dc1f8ca0aa48ae9a283ad95132dea3f30f04989ad0da1214,2024-10-08T09:15:13.757000
CVE-2024-4547,0,0,e03413ba2a3d643e986abd6a70d4989a4412faae98e55cc280c4859673ba647d,2024-05-06T16:00:59.253000
CVE-2024-45470,1,1,01a9d102ecbff8f08ccb73c3b9a8930f23169a020e86011cb85ec54d992829cd,2024-10-08T09:15:13.973000
CVE-2024-45471,1,1,4800f1364189684dbd9b18c0b398d617cf6777cfe119ac885036a9fc3d8fbc01,2024-10-08T09:15:14.293000
CVE-2024-45472,1,1,f8047d33e93a4569f7f6a843af6cae5a0d7f4917354bc573fcef96b4e770859a,2024-10-08T09:15:14.557000
CVE-2024-45473,1,1,ba3c30c121769807c1fc9863aebeac976220399633f968b9acf6e578fe02d277,2024-10-08T09:15:14.860000
CVE-2024-45474,1,1,a5639db615285a7ce152d2ea92433fd211ded2724576794f170998abae7c5651,2024-10-08T09:15:15.090000
CVE-2024-45475,1,1,895e9e97f34b4de04934f80d7ac3e3bf6ca6c7c1098c8c83ae37c14ef404d5e2,2024-10-08T09:15:15.457000
CVE-2024-45476,1,1,6180ae47c143eeb96390b150ea217acb708589cb4a0a729802ffefd06fd1df4c,2024-10-08T09:15:15.830000
CVE-2024-4548,0,0,c312b0154ade9cb7e93b29cf6468875ea09abcdae811bc20c1f6b28cb1f08ef2,2024-05-06T16:00:59.253000
CVE-2024-45488,0,0,02812af338aadc4a80122f84f222d800d57fc191e3e2ef216830d55dc271ef45,2024-08-30T19:35:06.870000
CVE-2024-45489,0,0,6ea1c310f6732949eac7ded3c08e0687f1be76a01c2bdfe6c41533999acd86e8,2024-09-26T13:32:55.343000
@ -260961,6 +260980,8 @@ CVE-2024-46868,0,0,f9213706fab3b425fd6d7b9c70ceaf5cede666ff7057d8fa56ee82d754aa0
CVE-2024-46869,0,0,9ed81572871432f968131373b48d9116fc414e30c1ec7495d6906513924c285a,2024-10-04T13:51:25.567000
CVE-2024-4687,0,0,5435981fd840e586246d5a6c7c954862d5332569f9e647b4965c896a6669b062,2024-06-04T19:20:46.547000
CVE-2024-4688,0,0,52289ed8c0286442cd44c00a18386eec964a66f3ff263d13f6b3a47ad78257b2,2024-06-20T20:15:19.617000
CVE-2024-46886,1,1,8812d7e0ae6eb3236a15932b28dac95e2f77493c42909a76273589345ce9985c,2024-10-08T09:15:16.093000
CVE-2024-46887,1,1,33dfbb906ebcdd01d3cef078ce0ea7a694b53a51dbcf757cb80c0210bf26b788,2024-10-08T09:15:16.447000
CVE-2024-4689,0,0,a13cc88d2e9b12d452cf9b42ce57cc1735d851f3f551a07c40e7bb0f2ee113b8,2024-05-14T16:11:39.510000
CVE-2024-46918,0,0,bb2eeb1c2eb1e1757cf1750044772f91012857866544e10c0b718da276cf0057,2024-09-20T18:14:23.897000
CVE-2024-4693,0,0,e3d9266511ed640ea0a2750bbbe8d9b8b25eda5f77b693324e75ee95f4a7a307,2024-05-14T16:11:39.510000
@ -261005,6 +261026,7 @@ CVE-2024-4703,0,0,7e57d47de6048bcd912b4c77aa51d488946887d89315e68305481f1a257803
CVE-2024-4704,0,0,9637a93e192a5f32142e05687e31ff3688b029254561fc4728d18bbfa1666d6b,2024-07-03T02:07:57.433000
CVE-2024-47044,0,0,404ff692afa802efbbfdf62c405c61d201fe4f2cebfdc0d42fd19c3d33c10bab,2024-09-26T19:35:23.043000
CVE-2024-47045,0,0,f477b3cad8608c11a6f4e2c578041877872bac107a164ee977d83ddf752336b4,2024-09-26T15:35:29.950000
CVE-2024-47046,1,1,03051d0cdca8055a851b3f6ea054f40b08eaddf7ffb9f809618fe899bc5fad1a,2024-10-08T09:15:16.757000
CVE-2024-47047,0,0,d8855532a1b9b01d9e7fc7225d9d8944472a4e5bcd23ab8d15e96ebcc6becd71,2024-09-27T17:03:35.507000
CVE-2024-47048,0,0,3e2f1651277aae0b881ff2293ea5a1adce6f7fca0dbe63c48af088557b921506,2024-09-26T17:12:07.440000
CVE-2024-47049,0,0,3e6b2d17b4e33f39069cb56c499a02c9b742796ce9abde4b775c7183f5720e70,2024-09-27T17:09:46.980000
@ -261039,6 +261061,7 @@ CVE-2024-47087,0,0,00c0418dcbaa10bdb3121773be01ff0430232cec071716dead5062981f005
CVE-2024-47088,0,0,5bc4be26850bfb4e3e396fe3f1262b2500b1973a359f7076f289ec4b80ad5479,2024-09-26T19:12:58.083000
CVE-2024-47089,0,0,1aa118929a8fbaed8fa0c3349daa09104fd9f185af346e27a442cf4679169f72,2024-09-26T19:09:44.377000
CVE-2024-4709,0,0,291d83b7a71e23f3ddf2ffe4b4f9de6c9c89e71bab3de54c457add53e92c99e9,2024-05-20T13:00:34.807000
CVE-2024-47095,1,1,9a3cb4d5bbec813d8a0096b3e3cf7614d5bc8b1771956274db9a11b93c22c47e,2024-10-08T08:15:02.237000
CVE-2024-4710,0,0,bc3d641a4dcd652350f442cdc80714adde1798c9afb82fb5cdb92bbe3aa27b20,2024-05-21T12:37:59.687000
CVE-2024-4711,0,0,d363465dc42b9acab3c0c0b87ab6c465a5fbabc481e6b69ff97f983a499169d2,2024-07-18T16:32:23.447000
CVE-2024-4712,0,0,3843a22d246b1dcd1f463ab35db131587d98590206b11784167b4cf4df51610c,2024-09-26T02:15:02.550000
@ -261081,6 +261104,9 @@ CVE-2024-47183,0,0,0b76031324ee2fb120db4824ba5dbb2c20e3fad1aa53ab61ba1485112276d
CVE-2024-47184,0,0,ec4f2d4aa381d6be3b04a5d96e034e76004fe037b3abeb496a459d57a9fce134,2024-10-04T18:19:26.240000
CVE-2024-47186,0,0,039f38f277124d2a0772e43f534fb151851ccf4c65185f4966f7e81d742991ce,2024-10-07T13:30:55.640000
CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000
CVE-2024-47194,1,1,316103eb084ec6217054a1fc514821ac3bc94a538674f22dc5653132cf19654c,2024-10-08T09:15:17.047000
CVE-2024-47195,1,1,d795e93240c6c6fd0784c6074f3fd46e6fef6bc125756d49adbae58c747d0b95,2024-10-08T09:15:17.300000
CVE-2024-47196,1,1,c92c48de2b3433b7a77f962c96686b397eabda030bf3e0714ea8f48a71e5e773,2024-10-08T09:15:17.563000
CVE-2024-47197,0,0,e4a1d8789bd0c967523f7418fe544ba10b0b511b96a39b8a241e5a1afb5230b4,2024-10-02T17:25:36.990000
CVE-2024-4720,0,0,eb5b6c06efbc2e8e5b700d46905e09781ba603e4dc4e18ff8664640e85fa6762,2024-06-04T19:20:47.440000
CVE-2024-4721,0,0,58190a4c7e114543454f0451ab9386f5b2fe1b56ab67d3c8b011dbecb251f4fd,2024-05-17T02:40:34.750000
@ -261222,6 +261248,7 @@ CVE-2024-47534,0,0,2c8638aa4776b453b12ca3480cb4741f7283b9b6a2cc41fc9eec726fcf451
CVE-2024-47536,0,0,353df15c5abe486c0bd2000eeee4b00375b2403ebe72a10be7f49c66f18c4bd4,2024-10-04T13:51:25.567000
CVE-2024-4754,0,0,43efa3a5287d05b500ecfcf4503ad62e1b41a22939150352bf102c1b98a3511a,2024-06-24T12:57:36.513000
CVE-2024-4755,0,0,ca5306e45de4985a027d64d4740785092288eb6abbd1ab6d1fda3377d88d4e7e,2024-07-03T02:08:01.477000
CVE-2024-47553,1,1,b6d9db554fce6f044e8be48060d3d9a4ef7fb7e58b15d448b53b18a891358a75,2024-10-08T09:15:17.847000
CVE-2024-47554,0,0,ed4aff6ea0e7ac69533e960f0592e4849edcc0303a79e4282ca0e96ec7b37a4c,2024-10-04T13:50:43.727000
CVE-2024-47555,0,0,25008e1c4d455bb755601d59a5982dc6f6d6901f7829e23e2ded2370906eeda0,2024-10-07T18:15:04.787000
CVE-2024-47556,0,0,ee1f258e3192821f118e0186a5cd74bbe18a76142b061f276b084fdd58b62009,2024-10-07T19:15:10.057000
@ -261231,6 +261258,9 @@ CVE-2024-47559,0,0,ef0edbe64ae39c4dd382182155779021d84952dcc76fb367b96637820eefc
CVE-2024-4756,0,0,56f5675f964fc18dbd2235a67dc0431c0553314b21f097091d5942b6bc7c2044,2024-08-01T13:59:34.090000
CVE-2024-47560,0,0,b8abd4241aae2bbcacde7e0c93543de13fb150a4040a68118a29f4e634e60873,2024-10-04T13:51:25.567000
CVE-2024-47561,0,0,1187d18aeddf57f3855631575eec8fc1684027bd65a7263241fe4e3f5d2788bc,2024-10-04T13:50:43.727000
CVE-2024-47562,1,1,6c63165ac126d2f0908bb38552864bcb50ab49e7e1fa13c94e2f4cc0294e3418,2024-10-08T09:15:18.110000
CVE-2024-47563,1,1,a781ef5f58a8206998c33ee523ce0e9efdb8bd6402c566a82015ace6f8a1e8f4,2024-10-08T09:15:18.403000
CVE-2024-47565,1,1,0f8cdfa324157c1ceabf04deff2c7d0de9b900955c3adca4fa09db34510f7ecf,2024-10-08T09:15:18.730000
CVE-2024-4757,0,0,8697ca9e70d5ba37736a0a67620900f7a3da7cbcb97e29086de20de73cd3bfef,2024-07-03T02:08:02.463000
CVE-2024-4758,0,0,725af37997323245576176c0490558b45926193602683436c3054da734872332,2024-07-03T02:08:02.707000
CVE-2024-4759,0,0,88e594c7c898a4e82a1a8532a1f049d1a9fe25baf60278988c21dabe64f2896b,2024-07-03T02:08:02.923000
@ -263377,7 +263407,7 @@ CVE-2024-7202,0,0,cd873862dd9c581add7def3fb09e4d862139cb04eed28a9bf2f7047259aa2b
CVE-2024-7203,0,0,9623065bb1076b933803b0136efc271bca239649fdbd7e41cb52d273c630ecf2,2024-09-05T14:33:17.567000
CVE-2024-7204,0,0,1bfd5eea41034a87a8406d1df422953de68b7d6759dfb1054c8215461bee3314,2024-09-11T14:23:45.127000
CVE-2024-7205,0,0,f8b1cbec46ea51b223aac866d1ac39ee6fa7b6e832e6e62020df5a45e4b00643,2024-07-31T15:15:10.993000
CVE-2024-7206,1,1,1ab3cec5f08eddbac209a8cfbc80aba5607c4278c7ff611141bb49459659b662,2024-10-08T07:15:06.170000
CVE-2024-7206,0,0,1ab3cec5f08eddbac209a8cfbc80aba5607c4278c7ff611141bb49459659b662,2024-10-08T07:15:06.170000
CVE-2024-7207,0,0,685939e6da39eea18941ae363d793c2135cdd34b1de02f3365cc55972f116f83,2024-09-30T19:15:04.540000
CVE-2024-7208,0,0,23976b9c97cfc390397ceda1fa9cd6b5d178a3b311c11fb9c9f129febf7d4e73,2024-08-02T15:16:37.420000
CVE-2024-7209,0,0,70d88ede2ff174d67b44db29b9d64c217e00f13cf62689936f75e53f7397ee7a,2024-07-31T12:57:02.300000
@ -264555,6 +264585,7 @@ CVE-2024-8907,0,0,3d86966b7711318d0ab27de85fd6280ec2e537a37979cfd99531e9b10f8d74
CVE-2024-8908,0,0,814a632e733410078b07e9411999ce68ca7ad8b9d3cd0621cbfe771be6322728,2024-09-23T17:59:14.137000
CVE-2024-8909,0,0,164deeef11f6495a80d20f0aa7bd15b53f984d767860039b14665a9aa77c7c0d,2024-09-23T17:51:11.790000
CVE-2024-8910,0,0,381e6285f77cbfcd68b12e9f3c36f92b4377fd4642413a4087debb4746eed093,2024-10-03T17:34:27.913000
CVE-2024-8911,1,1,e7036e57a7b5079248b6d7c63c86a4c9d197ebc1e3176b6b0eb42ac038dad567,2024-10-08T09:15:19.077000
CVE-2024-8914,0,0,c67ce2c8d24044b482c9bbb33384856203ff5bb870309850d7df3d6267c1b679,2024-09-26T13:32:02.803000
CVE-2024-8917,0,0,32a69b030ac61cd4e144a233fc55362cc6115ccb6ecca5ec236644320a2aecf1,2024-09-30T14:30:38.687000
CVE-2024-8919,0,0,e01b61fd584c4fffdfd8e5db7a09e1be1033f5c7df5b5418d10948726a2bc540,2024-09-30T15:08:14.077000
@ -264566,6 +264597,7 @@ CVE-2024-8939,0,0,1f70befe339fdb31af424859012581aeb13e8f518e2f8da7bf31e05da17f11
CVE-2024-8940,0,0,8c62b13b4d198a54cb56580861e41476c7bb8758f7b9eb8762dc3ff8a4d7701c,2024-10-01T17:21:01.550000
CVE-2024-8941,0,0,92a203d8a6a94e9c82aca27b5b4eb25cc17b0659508e43ff25edbb70a0d6f393,2024-09-30T19:45:43.223000
CVE-2024-8942,0,0,856856bd14b58b19668f9a36b8a793262f5091e96c724b4e90a8dd630a5aaf77,2024-09-30T17:39:28.417000
CVE-2024-8943,1,1,a8ef9d8956fd67bae6a422d9d249ddb2456a2f806a7a8924b864d4b8bf5f6f41,2024-10-08T09:15:19.343000
CVE-2024-8944,0,0,163e8bd42c52d6cb1f3f0fdfff8b3db24acfd0dba8d50b29b1780d64b55bd42a,2024-09-23T16:56:34.637000
CVE-2024-8945,0,0,89d4e06764ee27ae462e66a2c760956f13440d7833b3b8093e505b1c71a9aac5,2024-09-25T19:24:25.167000
CVE-2024-8946,0,0,0afc0efb5414dac2f435cdc08456c904eb9a65ac4dd275170da7c9549741129d,2024-09-24T13:11:17.417000
@ -264576,13 +264608,14 @@ CVE-2024-8951,0,0,888c97aa442d5e8c89ae77387b914cd3981839dfe932748e6b429d09cccb70
CVE-2024-8956,0,0,67fe3d1874df790c4fe403e5b4da2c61ceb691a22ee76441757b9e4b9f428f5d,2024-10-01T16:01:30.063000
CVE-2024-8957,0,0,7754fe7edeaccf469b1d2d0d834f9e662d3691f603f526c2d85ee83a7186072b,2024-10-01T17:49:25.573000
CVE-2024-8963,0,0,67fe8ea90f3163df4929d6782956d377bcadef461d17352cf475deabaa8fd4ad,2024-09-20T16:32:02.563000
CVE-2024-8964,1,1,6471d55da584f14cd02d928281d540ddaf0ca162f66bd689de5667e12abc5950,2024-10-08T08:15:02.430000
CVE-2024-8965,0,0,fcd9a7faf9aba17ebbc93d83d1389f5891b9c0797caaf85615a1a91da1ce5a78,2024-10-04T19:04:03.157000
CVE-2024-8967,0,0,1f8d6363a17be63cea1c528abb4efc0a4ea9ce6878b4a1d19a995b4e289c4b45,2024-10-04T13:50:43.727000
CVE-2024-8969,0,0,98dd6be27cce2c3412495467ecb9257ef6e673bce29c0f376bf0c342ca11f9e9,2024-09-20T12:30:51.220000
CVE-2024-8974,0,0,47fcb9de64a47ab7d6fd39981189c5f91c3407e2aae34c6aae2197da9ba195e7,2024-10-04T17:30:18.803000
CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b70,2024-10-01T19:20:21.103000
CVE-2024-8981,0,0,72a5e946545b01f6f5b55bd9be0a66c4964926bf866e85b9f0e826b5c8f5cfe7,2024-10-04T13:51:25.567000
CVE-2024-8983,1,1,f0ea9da5ebf59a485ddd81e417437f9b578ee5729e6aaf8f07778c3ac59a8a2a,2024-10-08T06:15:02.490000
CVE-2024-8983,0,0,f0ea9da5ebf59a485ddd81e417437f9b578ee5729e6aaf8f07778c3ac59a8a2a,2024-10-08T06:15:02.490000
CVE-2024-8986,0,0,072cf1f180fb390d1b4b3d2d50dea4c4259a9c38757ddb70b883e21ef9d81f01,2024-09-20T12:30:17.483000
CVE-2024-8989,0,0,caae46233d26ee2b67df93becf3adf518208e6bbacfb542b8b2dd6d9f605994c,2024-10-04T13:51:25.567000
CVE-2024-8990,0,0,ebe58ed4a084d59384bf44303a373b31562e7163a1320c584d218212811f287c,2024-10-04T13:51:25.567000
@ -264598,7 +264631,7 @@ CVE-2024-9009,0,0,8ca9aa7668c5d5c77c4f8dc75f965a1fc61562deadeb769eddb6e3d475ae86
CVE-2024-9011,0,0,31757df34dd4fee90035c8c1e734eec12ab6ab10926115bc714ff7e9ad5eeaab,2024-09-25T17:48:14.820000
CVE-2024-9014,0,0,a8e29b928e7c02e09a31b50dee33eaa8cea5cb50c9cc022c5089f67468915a88,2024-09-26T13:32:55.343000
CVE-2024-9018,0,0,e176c873e94bd3e2c4b29c05a28da23ed581266b7e7463040882baa285f3a6c4,2024-10-07T19:20:48.293000
CVE-2024-9021,1,1,0bef421d77ccd7d579461a0ddfe317af0ec0cde75efa85454e6303c09714e592,2024-10-08T06:15:02.693000
CVE-2024-9021,0,0,0bef421d77ccd7d579461a0ddfe317af0ec0cde75efa85454e6303c09714e592,2024-10-08T06:15:02.693000
CVE-2024-9023,0,0,8856d7ffdca739d2c0d1b85fb1ee05faeaf6947167077ac20feaa24f6c509db2,2024-10-01T14:39:38.370000
CVE-2024-9024,0,0,29f2f073ee82aef300cee3fd954ac6dc4243aa67d5082fca2a65737992da04c1,2024-10-02T18:02:59.683000
CVE-2024-9025,0,0,8c34a0621e4e149deefb96042ae2c7c0174789fb7b5db2c9c1ef1c4077be46cb,2024-10-01T13:44:23.667000
@ -264718,7 +264751,7 @@ CVE-2024-9283,0,0,a5233c3b589826e3e09dfcafb866e56b060b301af37e2de0e699930a9008fd
CVE-2024-9284,0,0,e077aa9b3331db7cd8049b8d7f3273d870b80909d1916943a385cf9659e49d1c,2024-09-30T12:45:57.823000
CVE-2024-9289,0,0,06a6a34a1543252ca19c46e940aea37797a21c2bfa8e6ac1935900ffb41badd0,2024-10-07T18:25:21.380000
CVE-2024-9291,0,0,e3e60de040a8e25c6f8c9bce959d91ab605417a7bb6a76f30e8af4524d979a49,2024-10-07T16:13:44.433000
CVE-2024-9292,1,1,1dc4c8842dee86f27be3f18468601778bd93091d71bf3712c664e494938097d8,2024-10-08T06:15:02.773000
CVE-2024-9292,0,0,1dc4c8842dee86f27be3f18468601778bd93091d71bf3712c664e494938097d8,2024-10-08T06:15:02.773000
CVE-2024-9293,0,0,7c1c60f5c414b30d6435e9f161e4e8c836a460c723feac3a8584d125df52da96,2024-10-07T15:37:33.670000
CVE-2024-9294,0,0,df4e8ca812056069ce686ccc519c918f454c6a35b9074b986ab12abfbd42a42d,2024-09-30T12:45:57.823000
CVE-2024-9295,0,0,826b99628d695cedf34bdd0860c517e32dcba53de662e82d7c90aebf0e6cdd79,2024-10-01T11:36:27.763000

Can't render this file because it is too large.