admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-06-13T10:00:27.326675+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-06-13 10:00:30 +00:00
parent baa870017e
commit 3922ab2256
52 changed files with 2064 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
CVE-2018/CVE-2018-48xx/CVE-2018-4834.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2018-4834",
"sourceIdentifier": "productcert@siemens.com",
"published": "2018-01-24T16:29:00.233",
"lastModified": "2019-10-09T23:41:00.140",
"lastModified": "2023-06-13T09:15:13.620",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Desigo Automation Controllers Products and Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication."
"value": "A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication."
},
{
"lang": "es",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
@ -229,28 +251,8 @@
],
"references": [
{
"url": "http://www.securityfocus.com/bid/102850",
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-025-02",
"source": "productcert@siemens.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
]
},
{
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf",
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf",
"source": "productcert@siemens.com"
}
]
}

26
CVE-2022/CVE-2022-314xx/CVE-2022-31465.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-31465",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-06-14T10:15:20.547",
"lastModified": "2022-06-22T18:31:03.107",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:14.300",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
"value": "A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
},
{
"lang": "es",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [

43
CVE-2022/CVE-2022-338xx/CVE-2022-33877.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-33877",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:14.420",
"lastModified": "2023-06-13T09:15:14.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-229",
"source": "psirt@fortinet.com"
}
]
}

26
CVE-2022/CVE-2022-391xx/CVE-2022-39136.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-39136",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:11.247",
"lastModified": "2023-01-20T20:17:58.243",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:14.517",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >= V13.3.0.7 < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application is vulnerable to fixed-length heap-based buffer while parsing specially crafted TIF files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

43
CVE-2022/CVE-2022-399xx/CVE-2022-39946.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-39946",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:14.620",
"lastModified": "2023-06-13T09:15:14.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker\u00a0authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-332",
"source": "psirt@fortinet.com"
}
]
}

24
CVE-2022/CVE-2022-402xx/CVE-2022-40226.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-40226",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.883",
"lastModified": "2022-10-12T14:25:01.567",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:14.680",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},

43
CVE-2022/CVE-2022-413xx/CVE-2022-41327.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41327",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:14.960",
"lastModified": "2023-06-13T09:15:14.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-380",
"source": "psirt@fortinet.com"
}
]
}

26
CVE-2022/CVE-2022-416xx/CVE-2022-41660.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-41660",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:11.530",
"lastModified": "2023-01-20T20:16:12.273",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.023",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds write vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

26
CVE-2022/CVE-2022-416xx/CVE-2022-41661.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-41661",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:11.623",
"lastModified": "2023-01-20T20:15:23.947",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.097",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

26
CVE-2022/CVE-2022-416xx/CVE-2022-41662.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-41662",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:11.690",
"lastModified": "2023-01-20T20:15:41.047",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.177",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected products contain an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

26
CVE-2022/CVE-2022-416xx/CVE-2022-41663.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-41663",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:11.753",
"lastModified": "2023-01-20T20:15:59.800",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.243",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

26
CVE-2022/CVE-2022-416xx/CVE-2022-41664.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-41664",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:11.813",
"lastModified": "2023-01-12T21:31:51.903",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.310",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V14.0 (All versions < V14.0.0.3), Teamcenter Visualization V14.1 (All versions < V14.1.0.4). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

24
CVE-2022/CVE-2022-416xx/CVE-2022-41665.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-41665",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:11.057",
"lastModified": "2022-12-13T16:15:23.667",
"lastModified": "2023-06-13T09:15:15.380",
"vulnStatus": "Modified",
"descriptions": [
{
@ -35,13 +35,33 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

43
CVE-2022/CVE-2022-424xx/CVE-2022-42474.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-42474",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:15.597",
"lastModified": "2023-06-13T09:15:15.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-393",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2022/CVE-2022-424xx/CVE-2022-42478.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-42478",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:15.653",
"lastModified": "2023-06-13T09:15:15.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-258",
"source": "psirt@fortinet.com"
}
]
}

30
CVE-2022/CVE-2022-433xx/CVE-2022-43398.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-43398",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:11.940",
"lastModified": "2022-11-09T16:32:24.333",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.707",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session."
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices do not renew the session cookie after login/logout and also accept user defined session cookies. An attacker could overwrite the stored session cookie of a user. After the victim logged in, the attacker is given access to the user's account through the activated session."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
@ -123,6 +143,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"source": "productcert@siemens.com"
}
]
}

34
CVE-2022/CVE-2022-434xx/CVE-2022-43439.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-43439",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:12.003",
"lastModified": "2022-11-09T16:33:36.787",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the Language-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
@ -122,6 +142,14 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"source": "productcert@siemens.com"
}
]
}

34
CVE-2022/CVE-2022-435xx/CVE-2022-43545.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-43545",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:12.067",
"lastModified": "2022-11-09T16:33:56.923",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.870",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the RecordType-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
@ -123,6 +143,14 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"source": "productcert@siemens.com"
}
]
}

34
CVE-2022/CVE-2022-435xx/CVE-2022-43546.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2022-43546",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-11-08T11:15:12.127",
"lastModified": "2022-11-09T16:34:21.450",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:15.957",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.50), POWER METER SICAM Q100 (All versions < V2.50). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the EndTime-parameter in requests to the web interface on port 443/tcp. This could allow an authenticated remote attacker to crash the device (followed by an automatic reboot) or to execute arbitrary code on the device."
}
],
"metrics": {
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
@ -123,6 +143,14 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"source": "productcert@siemens.com"
}
]
}

43
CVE-2022/CVE-2022-439xx/CVE-2022-43949.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43949",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.027",
"lastModified": "2023-06-13T09:15:16.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-259",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2022/CVE-2022-439xx/CVE-2022-43953.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43953",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.077",
"lastModified": "2023-06-13T09:15:16.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-463",
"source": "psirt@fortinet.com"
}
]
}

4
CVE-2023/CVE-2023-13xx/CVE-2023-1323.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-1323",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-12T18:15:09.910",
"lastModified": "2023-06-12T18:22:56.843",
"lastModified": "2023-06-13T08:15:09.070",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
"value": "The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},

43
CVE-2023/CVE-2023-226xx/CVE-2023-22633.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22633",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.127",
"lastModified": "2023-06-13T09:15:16.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-521",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-226xx/CVE-2023-22639.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22639",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.177",
"lastModified": "2023-06-13T09:15:16.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-494",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-256xx/CVE-2023-25609.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-25609",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.227",
"lastModified": "2023-06-13T09:15:16.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A server-side request forgery (SSRF) vulnerability\u00a0[CWE-918] in\u00a0FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-493",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2023/CVE-2023-259xx/CVE-2023-25910.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-25910",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:16.280",
"lastModified": "2023-06-13T09:15:16.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.\r\n\r\nAn attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-968170.pdf",
"source": "productcert@siemens.com"
}
]
}

6
CVE-2023/CVE-2023-259xx/CVE-2023-25957.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-25957",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-03-14T10:15:28.577",
"lastModified": "2023-03-21T18:13:40.880",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T09:15:16.340",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All Versions >= 1.16.4 < 1.17.2), Mendix SAML (Mendix 8 compatible) (All versions >= 2.2.0 < 2.2.3), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= 3.1.9 < 3.2.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= 3.1.9 < 3.2.5). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application."
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.\r\n\r\nFor compatibility reasons, fix versions still contain this issue, but only when the recommended, default configuration option `'Use Encryption'` is disabled."
}
],
"metrics": {

6
CVE-2023/CVE-2023-25xx/CVE-2023-2518.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-2518",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:10.390",
"lastModified": "2023-06-05T14:59:11.307",
"vulnStatus": "Analyzed",
"lastModified": "2023-06-13T08:15:09.163",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
"value": "The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
}
],
"metrics": {

43
CVE-2023/CVE-2023-262xx/CVE-2023-26204.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-26204",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.417",
"lastModified": "2023-06-13T09:15:16.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow\u00a0an attacker able to access user DB content to impersonate any admin user on the device GUI."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-21-141",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-262xx/CVE-2023-26207.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-26207",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.467",
"lastModified": "2023-06-13T09:15:16.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-455",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-262xx/CVE-2023-26210.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-26210",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.510",
"lastModified": "2023-06-13T09:15:16.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-076",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2023/CVE-2023-274xx/CVE-2023-27465.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27465",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:16.557",
"lastModified": "2023-06-13T09:15:16.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4). When operated with Security Level Low the device does not protect access to certain services relevant for debugging. This could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-213"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-482956.pdf",
"source": "productcert@siemens.com"
}
]
}

43
CVE-2023/CVE-2023-279xx/CVE-2023-27997.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-27997",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.613",
"lastModified": "2023-06-13T09:15:16.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-097",
"source": "psirt@fortinet.com"
}
]
}

59
CVE-2023/CVE-2023-27xx/CVE-2023-2729.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-2729",
"sourceIdentifier": "security@synology.com",
"published": "2023-06-13T08:15:09.273",
"lastModified": "2023-06-13T08:15:09.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@synology.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@synology.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_07",
"source": "security@synology.com"
},
{
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_08",
"source": "security@synology.com"
}
]
}

43
CVE-2023/CVE-2023-280xx/CVE-2023-28000.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-28000",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:16.660",
"lastModified": "2023-06-13T09:15:16.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper neutralization of special elements used in an OS command vulnerability [CWE-78]\u00a0in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments\u00a0in diagnose system df CLI command."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-107",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2023/CVE-2023-288xx/CVE-2023-28829.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28829",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:16.707",
"lastModified": "2023-06-13T09:15:16.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These\r\nservices were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-477"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-508677.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-291xx/CVE-2023-29129.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-29129",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:16.767",
"lastModified": "2023-06-13T09:15:16.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0). The affected versions of the module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.\r\n\r\nThis CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-303"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-851884.pdf",
"source": "productcert@siemens.com"
}
]
}

43
CVE-2023/CVE-2023-291xx/CVE-2023-29175.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29175",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:17.027",
"lastModified": "2023-06-13T09:15:17.027",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote\u00a0FortiGuard's map server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-468",
"source": "psirt@fortinet.com"
}
]
}

43
CVE-2023/CVE-2023-291xx/CVE-2023-29178.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-29178",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:17.077",
"lastModified": "2023-06-13T09:15:17.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-095",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30757.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30757",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:17.323",
"lastModified": "2023-06-13T09:15:17.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated.\r\n\r\nThis could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-042050.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-308xx/CVE-2023-30897.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30897",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:17.703",
"lastModified": "2023-06-13T09:15:17.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.\r\n\r\nThis could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-309xx/CVE-2023-30901.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30901",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:17.763",
"lastModified": "2023-06-13T09:15:17.763",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31238.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31238",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.093",
"lastModified": "2023-06-13T09:15:18.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q200 family (All versions < V2.70). Affected devices are missing cookie protection flags when using the default settings. An attacker who gains access to a session token can use it to impersonate a legitimate application user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-887249.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-331xx/CVE-2023-33121.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33121",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.323",
"lastModified": "2023-06-13T09:15:18.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-331xx/CVE-2023-33122.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33122",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.380",
"lastModified": "2023-06-13T09:15:18.380",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted CGM file. This vulnerability could allow an attacker to disclose sensitive information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-331xx/CVE-2023-33123.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33123",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.437",
"lastModified": "2023-06-13T09:15:18.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-331xx/CVE-2023-33124.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33124",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.500",
"lastModified": "2023-06-13T09:15:18.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3). The affected applications contain a memory corruption vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538795.pdf",
"source": "productcert@siemens.com"
}
]
}

43
CVE-2023/CVE-2023-333xx/CVE-2023-33305.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-33305",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-06-13T09:15:18.563",
"lastModified": "2023-06-13T09:15:18.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-22-375",
"source": "psirt@fortinet.com"
}
]
}

55
CVE-2023/CVE-2023-339xx/CVE-2023-33919.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33919",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.620",
"lastModified": "2023-06-13T09:15:18.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-339xx/CVE-2023-33920.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33920",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.677",
"lastModified": "2023-06-13T09:15:18.677",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password in a hard-coded form, which could be exploited for UART console login to the device. An attacker with direct physical access could exploit this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com"
}
]
}

55
CVE-2023/CVE-2023-339xx/CVE-2023-33921.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-33921",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.733",
"lastModified": "2023-06-13T09:15:18.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to bruteforce or crack the root password to login to the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com"
}
]
}

54
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-06-13T08:00:33.400134+00:00
2023-06-13T10:00:27.326675+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-06-13T07:15:46.460000+00:00
2023-06-13T09:15:18.733000+00:00
```
### Last Data Feed Release
@ -29,21 +29,61 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
217500
217534
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `34`
* [CVE-2023-0142](CVE-2023/CVE-2023-01xx/CVE-2023-0142.json) (`2023-06-13T07:15:46.203`)
* [CVE-2023-2673](CVE-2023/CVE-2023-26xx/CVE-2023-2673.json) (`2023-06-13T07:15:46.460`)
* [CVE-2023-22639](CVE-2023/CVE-2023-226xx/CVE-2023-22639.json) (`2023-06-13T09:15:16.177`)
* [CVE-2023-25609](CVE-2023/CVE-2023-256xx/CVE-2023-25609.json) (`2023-06-13T09:15:16.227`)
* [CVE-2023-25910](CVE-2023/CVE-2023-259xx/CVE-2023-25910.json) (`2023-06-13T09:15:16.280`)
* [CVE-2023-26204](CVE-2023/CVE-2023-262xx/CVE-2023-26204.json) (`2023-06-13T09:15:16.417`)
* [CVE-2023-26207](CVE-2023/CVE-2023-262xx/CVE-2023-26207.json) (`2023-06-13T09:15:16.467`)
* [CVE-2023-26210](CVE-2023/CVE-2023-262xx/CVE-2023-26210.json) (`2023-06-13T09:15:16.510`)
* [CVE-2023-27465](CVE-2023/CVE-2023-274xx/CVE-2023-27465.json) (`2023-06-13T09:15:16.557`)
* [CVE-2023-27997](CVE-2023/CVE-2023-279xx/CVE-2023-27997.json) (`2023-06-13T09:15:16.613`)
* [CVE-2023-28000](CVE-2023/CVE-2023-280xx/CVE-2023-28000.json) (`2023-06-13T09:15:16.660`)
* [CVE-2023-28829](CVE-2023/CVE-2023-288xx/CVE-2023-28829.json) (`2023-06-13T09:15:16.707`)
* [CVE-2023-29129](CVE-2023/CVE-2023-291xx/CVE-2023-29129.json) (`2023-06-13T09:15:16.767`)
* [CVE-2023-29175](CVE-2023/CVE-2023-291xx/CVE-2023-29175.json) (`2023-06-13T09:15:17.027`)
* [CVE-2023-29178](CVE-2023/CVE-2023-291xx/CVE-2023-29178.json) (`2023-06-13T09:15:17.077`)
* [CVE-2023-30757](CVE-2023/CVE-2023-307xx/CVE-2023-30757.json) (`2023-06-13T09:15:17.323`)
* [CVE-2023-30897](CVE-2023/CVE-2023-308xx/CVE-2023-30897.json) (`2023-06-13T09:15:17.703`)
* [CVE-2023-30901](CVE-2023/CVE-2023-309xx/CVE-2023-30901.json) (`2023-06-13T09:15:17.763`)
* [CVE-2023-31238](CVE-2023/CVE-2023-312xx/CVE-2023-31238.json) (`2023-06-13T09:15:18.093`)
* [CVE-2023-33121](CVE-2023/CVE-2023-331xx/CVE-2023-33121.json) (`2023-06-13T09:15:18.323`)
* [CVE-2023-33122](CVE-2023/CVE-2023-331xx/CVE-2023-33122.json) (`2023-06-13T09:15:18.380`)
* [CVE-2023-33123](CVE-2023/CVE-2023-331xx/CVE-2023-33123.json) (`2023-06-13T09:15:18.437`)
* [CVE-2023-33124](CVE-2023/CVE-2023-331xx/CVE-2023-33124.json) (`2023-06-13T09:15:18.500`)
* [CVE-2023-33305](CVE-2023/CVE-2023-333xx/CVE-2023-33305.json) (`2023-06-13T09:15:18.563`)
* [CVE-2023-33919](CVE-2023/CVE-2023-339xx/CVE-2023-33919.json) (`2023-06-13T09:15:18.620`)
* [CVE-2023-33920](CVE-2023/CVE-2023-339xx/CVE-2023-33920.json) (`2023-06-13T09:15:18.677`)
* [CVE-2023-33921](CVE-2023/CVE-2023-339xx/CVE-2023-33921.json) (`2023-06-13T09:15:18.733`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `17`
* [CVE-2018-4834](CVE-2018/CVE-2018-48xx/CVE-2018-4834.json) (`2023-06-13T09:15:13.620`)
* [CVE-2022-31465](CVE-2022/CVE-2022-314xx/CVE-2022-31465.json) (`2023-06-13T09:15:14.300`)
* [CVE-2022-39136](CVE-2022/CVE-2022-391xx/CVE-2022-39136.json) (`2023-06-13T09:15:14.517`)
* [CVE-2022-40226](CVE-2022/CVE-2022-402xx/CVE-2022-40226.json) (`2023-06-13T09:15:14.680`)
* [CVE-2022-41660](CVE-2022/CVE-2022-416xx/CVE-2022-41660.json) (`2023-06-13T09:15:15.023`)
* [CVE-2022-41661](CVE-2022/CVE-2022-416xx/CVE-2022-41661.json) (`2023-06-13T09:15:15.097`)
* [CVE-2022-41662](CVE-2022/CVE-2022-416xx/CVE-2022-41662.json) (`2023-06-13T09:15:15.177`)
* [CVE-2022-41663](CVE-2022/CVE-2022-416xx/CVE-2022-41663.json) (`2023-06-13T09:15:15.243`)
* [CVE-2022-41664](CVE-2022/CVE-2022-416xx/CVE-2022-41664.json) (`2023-06-13T09:15:15.310`)
* [CVE-2022-41665](CVE-2022/CVE-2022-416xx/CVE-2022-41665.json) (`2023-06-13T09:15:15.380`)
* [CVE-2022-43398](CVE-2022/CVE-2022-433xx/CVE-2022-43398.json) (`2023-06-13T09:15:15.707`)
* [CVE-2022-43439](CVE-2022/CVE-2022-434xx/CVE-2022-43439.json) (`2023-06-13T09:15:15.790`)
* [CVE-2022-43545](CVE-2022/CVE-2022-435xx/CVE-2022-43545.json) (`2023-06-13T09:15:15.870`)
* [CVE-2022-43546](CVE-2022/CVE-2022-435xx/CVE-2022-43546.json) (`2023-06-13T09:15:15.957`)
* [CVE-2023-1323](CVE-2023/CVE-2023-13xx/CVE-2023-1323.json) (`2023-06-13T08:15:09.070`)
* [CVE-2023-2518](CVE-2023/CVE-2023-25xx/CVE-2023-2518.json) (`2023-06-13T08:15:09.163`)
* [CVE-2023-25957](CVE-2023/CVE-2023-259xx/CVE-2023-25957.json) (`2023-06-13T09:15:16.340`)
## Download and Usage