admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-13T10:00:18.540667+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-13 10:03:13 +00:00
parent 083a6c1d9d
commit 4f1350f05d
54 changed files with 2203 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2022/CVE-2022-358xx/CVE-2022-35868.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-35868",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-02-14T11:15:12.847",
"lastModified": "2024-02-08T18:40:59.770",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-13T08:15:05.163",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server\u00a0 (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path."
"value": "A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path."
}
],
"metrics": {
@ -130,6 +130,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-640968.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf",
"source": "productcert@siemens.com",

10
CVE-2022/CVE-2022-461xx/CVE-2022-46143.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46143",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-12-13T16:15:25.137",
"lastModified": "2023-12-12T12:15:10.230",
"lastModified": "2024-08-13T08:15:05.483",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -2817,6 +2817,14 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
"source": "productcert@siemens.com"

10
CVE-2023/CVE-2023-262xx/CVE-2023-26293.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-26293",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-04-11T10:15:18.157",
"lastModified": "2024-02-01T15:19:36.830",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-13T08:15:05.880",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution."
"value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution."
}
],
"metrics": {
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf",
"source": "productcert@siemens.com",

28
CVE-2023/CVE-2023-385xx/CVE-2023-38522.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38522",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-26T10:15:01.923",
"lastModified": "2024-08-12T13:38:32.837",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-13T09:15:04.310",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -61,7 +61,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@apache.org",
"type": "Primary",
"description": [
{
@ -70,25 +70,25 @@
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-86"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"configurations": [

4
CVE-2023/CVE-2023-385xx/CVE-2023-38527.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-38527",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:15.923",
"lastModified": "2024-06-11T12:15:11.363",
"lastModified": "2024-08-13T08:15:06.110",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-385xx/CVE-2023-38529.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-38529",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:16.127",
"lastModified": "2024-06-11T12:15:11.633",
"lastModified": "2024-08-13T08:15:06.310",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-385xx/CVE-2023-38531.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-38531",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-08-08T10:15:16.317",
"lastModified": "2024-06-11T12:15:11.907",
"lastModified": "2024-08-13T08:15:06.457",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44317",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.067",
"lastModified": "2024-06-11T09:15:13.730",
"lastModified": "2024-08-13T08:15:06.607",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44319.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44319",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.510",
"lastModified": "2024-06-11T09:15:14.940",
"lastModified": "2024-08-13T08:15:07.073",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
},
{
"lang": "es",

8
CVE-2023/CVE-2023-443xx/CVE-2023-44320.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44320",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.757",
"lastModified": "2024-02-13T09:15:44.340",
"lastModified": "2024-08-13T08:15:07.287",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator."
},
{
"lang": "es",
@ -2062,6 +2062,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
"source": "productcert@siemens.com"

6
CVE-2023/CVE-2023-443xx/CVE-2023-44321.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44321",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.973",
"lastModified": "2024-06-11T12:15:12.800",
"lastModified": "2024-08-13T08:15:07.533",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -2106,6 +2106,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
"source": "productcert@siemens.com"

4
CVE-2023/CVE-2023-443xx/CVE-2023-44322.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44322",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.187",
"lastModified": "2024-02-13T09:15:44.733",
"lastModified": "2024-08-13T08:15:07.770",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur."
},
{
"lang": "es",

48
CVE-2023/CVE-2023-443xx/CVE-2023-44373.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44373",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.417",
"lastModified": "2024-06-11T09:15:15.377",
"lastModified": "2024-08-13T08:15:08.033",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44374.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44374",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.753",
"lastModified": "2024-06-11T09:15:15.990",
"lastModified": "2024-08-13T08:15:08.297",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges."
},
{
"lang": "es",

8
CVE-2023/CVE-2023-462xx/CVE-2023-46280.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46280",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:15:40.800",
"lastModified": "2024-07-09T12:15:09.983",
"lastModified": "2024-08-13T08:15:08.500",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
},
{
"lang": "es",
@ -96,6 +96,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html",
"source": "productcert@siemens.com"

4
CVE-2023/CVE-2023-462xx/CVE-2023-46281.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46281",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.653",
"lastModified": "2024-05-14T16:15:42.297",
"lastModified": "2024-08-13T08:15:08.660",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46282.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46282",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.870",
"lastModified": "2024-05-14T16:15:43.203",
"lastModified": "2024-08-13T08:15:08.813",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46283.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46283",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.067",
"lastModified": "2024-05-14T16:15:44.003",
"lastModified": "2024-08-13T08:15:08.950",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46284.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46284",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.273",
"lastModified": "2024-05-14T16:15:45.017",
"lastModified": "2024-08-13T08:15:09.073",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46285.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46285",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.477",
"lastModified": "2024-05-14T16:15:45.917",
"lastModified": "2024-08-13T08:15:09.193",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-496xx/CVE-2023-49691.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-49691",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:15.990",
"lastModified": "2024-06-11T09:15:16.840",
"lastModified": "2024-08-13T08:15:09.340",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-496xx/CVE-2023-49692.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-49692",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:16.203",
"lastModified": "2024-02-13T09:15:46.507",
"lastModified": "2024-08-13T08:15:09.553",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-262xx/CVE-2024-26275.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-26275",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-04-09T09:15:24.260",
"lastModified": "2024-06-11T12:15:14.017",
"lastModified": "2024-08-13T08:15:09.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-262xx/CVE-2024-26276.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-26276",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-04-09T09:15:24.457",
"lastModified": "2024-06-11T12:15:14.153",
"lastModified": "2024-08-13T08:15:09.880",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-262xx/CVE-2024-26277.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-26277",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-04-09T09:15:24.670",
"lastModified": "2024-06-11T12:15:14.273",
"lastModified": "2024-08-13T08:15:10.003",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",

52
CVE-2024/CVE-2024-326xx/CVE-2024-32635.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-32635",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:04.387",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-08-13T08:15:10.120",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
@ -55,6 +99,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html",
"source": "productcert@siemens.com"
}
]
}

52
CVE-2024/CVE-2024-326xx/CVE-2024-32636.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-32636",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:05.553",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-08-13T08:15:10.260",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
@ -55,6 +99,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html",
"source": "productcert@siemens.com"
}
]
}

52
CVE-2024/CVE-2024-326xx/CVE-2024-32637.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-32637",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:17:06.590",
"lastModified": "2024-05-14T19:17:55.627",
"lastModified": "2024-08-13T08:15:10.400",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
"value": "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
@ -55,6 +99,10 @@
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html",
"source": "productcert@siemens.com"
}
]
}

10
CVE-2024/CVE-2024-351xx/CVE-2024-35161.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35161",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-26T10:15:02.567",
"lastModified": "2024-08-12T13:39:50.477",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-13T09:15:04.610",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -61,7 +61,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@apache.org",
"type": "Primary",
"description": [
{
@ -71,12 +71,12 @@
]
},
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-444"
}
]
}

100
CVE-2024/CVE-2024-363xx/CVE-2024-36398.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-36398",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:10.540",
"lastModified": "2024-08-13T08:15:10.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
"source": "productcert@siemens.com"
}
]
}

4
CVE-2024/CVE-2024-388xx/CVE-2024-38867.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-38867",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-09T12:15:15.750",
"lastModified": "2024-07-09T18:19:14.047",
"lastModified": "2024-08-13T08:15:10.817",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). \r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from those ports."
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). \r\nThis could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-388xx/CVE-2024-38876.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-38876",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:41.643",
"lastModified": "2024-08-02T12:59:43.990",
"lastModified": "2024-08-13T08:15:10.983",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions >= R9.2), Omnivise T3000 Domain Controller (All versions >= R9.2), Omnivise T3000 Product Data Management (PDM) (All versions >= R9.2), Omnivise\u00a0T3000 Terminal Server (All versions >= R9.2), Omnivise T3000 Thin Client (All versions >= R9.2), Omnivise T3000 Whitelisting Server (All versions >= R9.2). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges."
"value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-388xx/CVE-2024-38877.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-38877",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:41.957",
"lastModified": "2024-08-02T12:59:43.990",
"lastModified": "2024-08-13T08:15:11.140",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions), Omnivise T3000 Domain Controller (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) (All versions), Omnivise T3000 Product Data Management (PDM) (All versions), Omnivise T3000 Security Server (All versions), Omnivise\u00a0T3000 Terminal Server (All versions), Omnivise T3000 Thin Client (All versions), Omnivise T3000 Whitelisting Server (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network."
"value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-388xx/CVE-2024-38878.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-38878",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:42.260",
"lastModified": "2024-08-02T12:59:43.990",
"lastModified": "2024-08-13T08:15:11.293",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system."
"value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-388xx/CVE-2024-38879.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-38879",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-02T11:16:42.510",
"lastModified": "2024-08-02T12:59:43.990",
"lastModified": "2024-08-13T08:15:11.433",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application."
"value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application."
},
{
"lang": "es",

100
CVE-2024/CVE-2024-399xx/CVE-2024-39922.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39922",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:11.567",
"lastModified": "2024-08-13T08:15:11.567",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-921449.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-416xx/CVE-2024-41681.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41681",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:11.847",
"lastModified": "2024-08-13T08:15:11.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-416xx/CVE-2024-41682.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41682",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:12.167",
"lastModified": "2024-08-13T08:15:12.167",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-416xx/CVE-2024-41683.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41683",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:12.440",
"lastModified": "2024-08-13T08:15:12.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41903.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41903",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:12.717",
"lastModified": "2024-08-13T08:15:12.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41904.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41904",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.003",
"lastModified": "2024-08-13T08:15:13.003",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41905.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41905",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.250",
"lastModified": "2024-08-13T08:15:13.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.6,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41906.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41906",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.560",
"lastModified": "2024-08-13T08:15:13.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-524"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41907.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41907",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:13.813",
"lastModified": "2024-08-13T08:15:13.813",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-358"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41908.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41908",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.110",
"lastModified": "2024-08-13T08:15:14.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-357412.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41938.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41938",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.353",
"lastModified": "2024-08-13T08:15:14.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41939.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41939",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.610",
"lastModified": "2024-08-13T08:15:14.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41940.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41940",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:14.890",
"lastModified": "2024-08-13T08:15:14.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41941.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41941",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.160",
"lastModified": "2024-08-13T08:15:15.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41976.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41976",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.403",
"lastModified": "2024-08-13T08:15:15.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41977.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41977",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.640",
"lastModified": "2024-08-13T08:15:15.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-488"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html",
"source": "productcert@siemens.com"
}
]
}

100
CVE-2024/CVE-2024-419xx/CVE-2024-41978.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-41978",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-08-13T08:15:15.903",
"lastModified": "2024-08-13T08:15:15.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices insert sensitive information about the generation of 2FA tokens into log files. This could allow an authenticated remote attacker to forge 2FA tokens of other users."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html",
"source": "productcert@siemens.com"
}
]
}

57
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-13T08:00:25.647843+00:00
2024-08-13T10:00:18.540667+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-13T07:15:13.677000+00:00
2024-08-13T09:15:04.610000+00:00
```
### Last Data Feed Release
@ -33,23 +33,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
259667
259685
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `18`
- [CVE-2024-6724](CVE-2024/CVE-2024-67xx/CVE-2024-6724.json) (`2024-08-13T06:15:04.083`)
- [CVE-2024-6823](CVE-2024/CVE-2024-68xx/CVE-2024-6823.json) (`2024-08-13T06:15:05.120`)
- [CVE-2024-7247](CVE-2024/CVE-2024-72xx/CVE-2024-7247.json) (`2024-08-13T06:15:05.777`)
- [CVE-2024-7715](CVE-2024/CVE-2024-77xx/CVE-2024-7715.json) (`2024-08-13T07:15:13.677`)
- [CVE-2024-36398](CVE-2024/CVE-2024-363xx/CVE-2024-36398.json) (`2024-08-13T08:15:10.540`)
- [CVE-2024-39922](CVE-2024/CVE-2024-399xx/CVE-2024-39922.json) (`2024-08-13T08:15:11.567`)
- [CVE-2024-41681](CVE-2024/CVE-2024-416xx/CVE-2024-41681.json) (`2024-08-13T08:15:11.847`)
- [CVE-2024-41682](CVE-2024/CVE-2024-416xx/CVE-2024-41682.json) (`2024-08-13T08:15:12.167`)
- [CVE-2024-41683](CVE-2024/CVE-2024-416xx/CVE-2024-41683.json) (`2024-08-13T08:15:12.440`)
- [CVE-2024-41903](CVE-2024/CVE-2024-419xx/CVE-2024-41903.json) (`2024-08-13T08:15:12.717`)
- [CVE-2024-41904](CVE-2024/CVE-2024-419xx/CVE-2024-41904.json) (`2024-08-13T08:15:13.003`)
- [CVE-2024-41905](CVE-2024/CVE-2024-419xx/CVE-2024-41905.json) (`2024-08-13T08:15:13.250`)
- [CVE-2024-41906](CVE-2024/CVE-2024-419xx/CVE-2024-41906.json) (`2024-08-13T08:15:13.560`)
- [CVE-2024-41907](CVE-2024/CVE-2024-419xx/CVE-2024-41907.json) (`2024-08-13T08:15:13.813`)
- [CVE-2024-41908](CVE-2024/CVE-2024-419xx/CVE-2024-41908.json) (`2024-08-13T08:15:14.110`)
- [CVE-2024-41938](CVE-2024/CVE-2024-419xx/CVE-2024-41938.json) (`2024-08-13T08:15:14.353`)
- [CVE-2024-41939](CVE-2024/CVE-2024-419xx/CVE-2024-41939.json) (`2024-08-13T08:15:14.610`)
- [CVE-2024-41940](CVE-2024/CVE-2024-419xx/CVE-2024-41940.json) (`2024-08-13T08:15:14.890`)
- [CVE-2024-41941](CVE-2024/CVE-2024-419xx/CVE-2024-41941.json) (`2024-08-13T08:15:15.160`)
- [CVE-2024-41976](CVE-2024/CVE-2024-419xx/CVE-2024-41976.json) (`2024-08-13T08:15:15.403`)
- [CVE-2024-41977](CVE-2024/CVE-2024-419xx/CVE-2024-41977.json) (`2024-08-13T08:15:15.640`)
- [CVE-2024-41978](CVE-2024/CVE-2024-419xx/CVE-2024-41978.json) (`2024-08-13T08:15:15.903`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `34`
- [CVE-2023-44320](CVE-2023/CVE-2023-443xx/CVE-2023-44320.json) (`2024-08-13T08:15:07.287`)
- [CVE-2023-44321](CVE-2023/CVE-2023-443xx/CVE-2023-44321.json) (`2024-08-13T08:15:07.533`)
- [CVE-2023-44322](CVE-2023/CVE-2023-443xx/CVE-2023-44322.json) (`2024-08-13T08:15:07.770`)
- [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2024-08-13T08:15:08.033`)
- [CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2024-08-13T08:15:08.297`)
- [CVE-2023-46280](CVE-2023/CVE-2023-462xx/CVE-2023-46280.json) (`2024-08-13T08:15:08.500`)
- [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2024-08-13T08:15:08.660`)
- [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2024-08-13T08:15:08.813`)
- [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2024-08-13T08:15:08.950`)
- [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2024-08-13T08:15:09.073`)
- [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2024-08-13T08:15:09.193`)
- [CVE-2023-49691](CVE-2023/CVE-2023-496xx/CVE-2023-49691.json) (`2024-08-13T08:15:09.340`)
- [CVE-2023-49692](CVE-2023/CVE-2023-496xx/CVE-2023-49692.json) (`2024-08-13T08:15:09.553`)
- [CVE-2024-26275](CVE-2024/CVE-2024-262xx/CVE-2024-26275.json) (`2024-08-13T08:15:09.747`)
- [CVE-2024-26276](CVE-2024/CVE-2024-262xx/CVE-2024-26276.json) (`2024-08-13T08:15:09.880`)
- [CVE-2024-26277](CVE-2024/CVE-2024-262xx/CVE-2024-26277.json) (`2024-08-13T08:15:10.003`)
- [CVE-2024-32635](CVE-2024/CVE-2024-326xx/CVE-2024-32635.json) (`2024-08-13T08:15:10.120`)
- [CVE-2024-32636](CVE-2024/CVE-2024-326xx/CVE-2024-32636.json) (`2024-08-13T08:15:10.260`)
- [CVE-2024-32637](CVE-2024/CVE-2024-326xx/CVE-2024-32637.json) (`2024-08-13T08:15:10.400`)
- [CVE-2024-35161](CVE-2024/CVE-2024-351xx/CVE-2024-35161.json) (`2024-08-13T09:15:04.610`)
- [CVE-2024-38867](CVE-2024/CVE-2024-388xx/CVE-2024-38867.json) (`2024-08-13T08:15:10.817`)
- [CVE-2024-38876](CVE-2024/CVE-2024-388xx/CVE-2024-38876.json) (`2024-08-13T08:15:10.983`)
- [CVE-2024-38877](CVE-2024/CVE-2024-388xx/CVE-2024-38877.json) (`2024-08-13T08:15:11.140`)
- [CVE-2024-38878](CVE-2024/CVE-2024-388xx/CVE-2024-38878.json) (`2024-08-13T08:15:11.293`)
- [CVE-2024-38879](CVE-2024/CVE-2024-388xx/CVE-2024-38879.json) (`2024-08-13T08:15:11.433`)
## Download and Usage

94
_state.csv
View File

@ -202743,7 +202743,7 @@ CVE-2022-35864,0,0,1bfae45976b1ab402048c441952a0730ac732c7b125fee3474183c0ed1916
CVE-2022-35865,0,0,13db658c4f9fa51aa824acb6d7ab73b34dc88bc4061dbb82373ab1cfa301e49d,2022-08-09T16:02:59.510000
CVE-2022-35866,0,0,6eaa7476382bcac4a410312782e81300475b6119e48955b3be4d4924457f5ac0,2024-01-26T17:15:09.150000
CVE-2022-35867,0,0,4e98aaef4d8528a422de359562f3980ea48bcfdca0330eb4a91995c98b69347d,2022-08-09T17:09:45.950000
CVE-2022-35868,0,0,cf7c7c871879f92225a771d98bd3aa6973e025219cbcd52743e8a27bc60dc53b,2024-02-08T18:40:59.770000
CVE-2022-35868,0,1,7e3d72eb7bd2c8ddbc0a9c81ae221fdabf131ffecf6dbede8b1d30f468145d5c,2024-08-13T08:15:05.163000
CVE-2022-35869,0,0,0f972661f0e63c0eacd04a1a216ca22f6989a6e80b61e3d22ecb897c4052298d,2022-08-03T16:56:53.823000
CVE-2022-3587,0,0,cb951b8eea81bde9fedd4667bfd99ebcc9b6ae339be708c81e3b30d07e55c1a4,2023-12-28T16:46:19.600000
CVE-2022-35870,0,0,b1418410196ae5e521edfaf75de133f2c3b09c4ed39790f38b17949dc2d7375c,2022-08-03T16:53:38.657000
@ -210394,7 +210394,7 @@ CVE-2022-4614,0,0,7a88b9ab43606aa2914a80ea88031f70b341635413883b9e98c0a9e68e11c6
CVE-2022-46140,0,0,0712d38e67b0ea79032215b4bf74ff40ac887fbb82d84f667826d6e174499b4a,2023-03-14T10:15:23.297000
CVE-2022-46141,0,0,7e8b1bd776ac3ead1331d8517aad43a677ddf61c6250b76e8d2fe91ca8d647d2,2023-12-15T15:25:08.557000
CVE-2022-46142,0,0,20adf9da98863cb88194bbb7f513fc1ee61c018019bc165f3c2b2a49e9c660b3,2023-03-14T10:15:24.137000
CVE-2022-46143,0,0,8d7318c5b07f9c6022a971b6865552b01e7d182523948ddbb15d49630db9c740,2023-12-12T12:15:10.230000
CVE-2022-46143,0,1,b2840c246c8f5cf8b044875496df1888552d6b323ee32c20f66a96f8ea7c1783,2024-08-13T08:15:05.483000
CVE-2022-46144,0,0,9f4d0a1d99f33ccf042d56c5770f1a63b93ead0d06152f6e232560517cd2ac5f,2024-06-11T09:15:12.590000
CVE-2022-46145,0,0,6bbab686c5e58e3eba776c5bf03bc3a160f730f487ff34eb9da030dbc8db223a,2023-06-23T17:54:04.830000
CVE-2022-46146,0,0,7165ae3c480087b46becbb3e46119b1ead04bccea1432ff5ddbe81728aa47431,2024-01-12T12:15:45.110000
@ -219551,7 +219551,7 @@ CVE-2023-2629,0,0,21397e525ac41df26b8c18bc0045d1b7263f8621bfadf0b1224b0c2fbfedb9
CVE-2023-26290,0,0,b45b134fbb8059d4d4a1ebae8fcfa511a842f92cfbbd7470a968c4d99358ab04,2023-11-07T04:09:33.393000
CVE-2023-26291,0,0,06cc66dbb2bc40c140a9d706389f20fb4cb58bd9ff5dd353e4433818c6edbc38,2023-11-07T04:09:33.470000
CVE-2023-26292,0,0,6b6a08faca6011f65bd54a771eac398f442833e03384acc6e7bddbe0e1b409c1,2023-11-07T04:09:33.547000
CVE-2023-26293,0,0,2a0bb028d9e82ec18ab7f751833c8c38858c13274d40e6be5a8f2a53555cfc97,2024-02-01T15:19:36.830000
CVE-2023-26293,0,1,10ed6049b197b4081e362a20e4edecaffca5f5eb8f26627f0110e2d6ae638156,2024-08-13T08:15:05.880000
CVE-2023-26294,0,0,e1c003d89d6db5b0f3e03a2c8162e2cc504399d8e80fb184d565d393352ecd42,2023-06-16T18:48:22.633000
CVE-2023-26295,0,0,f04dfda8467c2311140c5490a6147562bfccf02c6808128b029721bd51c00d2c,2023-06-20T19:49:05.647000
CVE-2023-26296,0,0,92b400319439208ff67eea4ac1d130d48a5e4b5eb1567aea02b1dbcf32e6a990,2023-06-20T19:48:53.800000
@ -228856,17 +228856,17 @@ CVE-2023-38519,0,0,6feaff72ade735a2704fe8b8d9fef165f38317b422d397afb665c1d949162
CVE-2023-3852,0,0,2e1924f99097894c16104baab278a5a9ebf2db30430b465cf669815f850b7012,2024-05-17T02:27:53.627000
CVE-2023-38520,0,0,197a50cf0e44468d0337f27c399e1eb786a843546ac6c93f4b96fc50b52947ed,2024-06-04T16:57:41.053000
CVE-2023-38521,0,0,db18a9cb610e915922179831c59c7c6fe34d72db737eedb8a3400ffd344e745d,2023-09-08T06:42:06.290000
CVE-2023-38522,0,0,401fd9824fc98a507aca78cc7a85a7f2df19d6e78b6d29af8bc4a614835ee5d3,2024-08-12T13:38:32.837000
CVE-2023-38522,0,1,3705cb7abacfca0d330b8bf15cb363bf3ff75592fdecba113317ee3087bef4c7,2024-08-13T09:15:04.310000
CVE-2023-38523,0,0,4aeddda5cda4b987f05bc442064079c7a51cd36ed6a7d399ee18b0f7f42fa30b,2023-08-01T15:24:35.470000
CVE-2023-38524,0,0,c9e82639b2360f7e976dd3c089d1e601c218712b31ea68380c38a40a316e9b16,2024-06-11T12:15:10.860000
CVE-2023-38525,0,0,a4b40a45af79e11e4c16594d15803bcacdf8a6cc50b68a023dfce812a89911bf,2024-06-11T12:15:11.073000
CVE-2023-38526,0,0,5c1b7c780b6ac94326eca1359e72390c8acae17eb185ba53be64dc13bb8d2f48,2024-06-11T12:15:11.213000
CVE-2023-38527,0,0,b7e4202f4d6a64aeb24dcfa5bda2e2f53327ae2bc9397e6629ab5baeac9e277b,2024-06-11T12:15:11.363000
CVE-2023-38527,0,1,bc1db887124c7f9708bbeb42c797729ab4a02bda89b6004c3e1eb19bd6310f4e,2024-08-13T08:15:06.110000
CVE-2023-38528,0,0,ecef100a8025d9e21349c7141a0f1437d6a269ac3c505cd935121d3166959698,2024-06-11T12:15:11.500000
CVE-2023-38529,0,0,6ac03dde81d47e4492bb9f34b64497df7f66144ab9a661a6c9d8d13cea5183cc,2024-06-11T12:15:11.633000
CVE-2023-38529,0,1,196f9e17e9512b17adbc0e97b216938a72092e0f36c413cc7fdfef87ddd308c0,2024-08-13T08:15:06.310000
CVE-2023-3853,0,0,122bf89d59764340de7782babfbd508593fee48979cc152d1ef2930b153133be,2024-05-17T02:27:53.740000
CVE-2023-38530,0,0,6072192cedd4af889097aa33d0b65fb33aed0c4d5231786be68fa212782c35b8,2024-06-11T12:15:11.777000
CVE-2023-38531,0,0,29e9561d7b8cb0d1af9d869e8e788a3d45bcfeb98a371dbf098a8e26783c32cb,2024-06-11T12:15:11.907000
CVE-2023-38531,0,1,a33fc6a54c5564cdb0aaca3d3d4510d19dd0972300a86b75a4bf042cebe110dc,2024-08-13T08:15:06.457000
CVE-2023-38532,0,0,523600b2a5028799263d298578c45fbee089e386d5a006abf211c6d0746e4b89,2024-06-11T12:15:12.053000
CVE-2023-38533,0,0,08104e07a00f54f81d588c890fadfea850ee2ddb32235187b01cc48bd44be939,2024-06-11T13:54:12.057000
CVE-2023-38534,0,0,faa4dbd5a129861ba727722b7a204dbec0cc464a8563ca6b84ca79b2877cdfa5,2024-03-14T12:52:16.723000
@ -233163,13 +233163,13 @@ CVE-2023-44311,0,0,9f636032c75ac4719bb65806f83757bdf9682aff3f1b2894f2cbe3ab5b109
CVE-2023-44312,0,0,b55f0bed5b32fb9a10fa80dd795e2a2db26a169b62814fff44ce562370ac3d2a,2024-02-08T17:08:11.110000
CVE-2023-44313,0,0,788473dd20e15d46c26fea0a15a6b80abab92e76b77692224f7f5c1f6f19eb2b,2024-02-08T17:13:28.083000
CVE-2023-44315,0,0,989ee8dd510367f8ebba5e7cf28e331f132b578d9ff891d305f14cbf78005dc7,2024-07-09T12:15:09.857000
CVE-2023-44317,0,0,d2022ba74698ea47de87a5f674557315a20bd3440db2f108285f8ec6b211a180,2024-06-11T09:15:13.730000
CVE-2023-44317,0,1,5b40f3b137944ee7309810dc95cd6d4561ca4a6369ab8f1b610de660d4d5af0a,2024-08-13T08:15:06.607000
CVE-2023-44318,0,0,341d3d7b5d255dfa45a58efd8e36917c2d894512ced069601d4078d3de342de5,2024-06-11T09:15:14.333000
CVE-2023-44319,0,0,0a92c1266cf4eac4f301a94e072ee383dad6f2e429dbc0a88f129c2007029611,2024-06-11T09:15:14.940000
CVE-2023-44319,0,1,f1034bb4c3cfa156461340b46c9ac77771e8f34bb839833cb765da35f2c64cf9,2024-08-13T08:15:07.073000
CVE-2023-4432,0,0,51ff4ba9dfac44079fda611bd0d9b919e7063984434f59354de6e0beba3ce6e3,2023-08-23T16:58:29.763000
CVE-2023-44320,0,0,ab2e4cb22642f02eea121f0471abf899d497f57073e6b778f071d0956c246e5d,2024-02-13T09:15:44.340000
CVE-2023-44321,0,0,2fb3b5c1781f8ca576720814fca8d2072c6e7ce56c771166d63ffb3299f5854b,2024-06-11T12:15:12.800000
CVE-2023-44322,0,0,4f5842d8581f4ab93226477e1336b510230a19893c843a57e93f177822cffcaa,2024-02-13T09:15:44.733000
CVE-2023-44320,0,1,6344f9126342aa35fddb910bc60595b9532030a76bd0ffdb7a12da43fa45332e,2024-08-13T08:15:07.287000
CVE-2023-44321,0,1,4d96c3edcd86c04f8abee4e92403b97d81a1c6794e81f7b6e407b7f611741095,2024-08-13T08:15:07.533000
CVE-2023-44322,0,1,68f374f6c0b9ad2f427fc2e63de583c593c2eb890681d350c1db40e225e7d171,2024-08-13T08:15:07.770000
CVE-2023-44323,0,0,ff7a9922bdf6aa8039277a81ef2b9c6d30bece716d751d01a8b5f0e2e31e9add,2023-11-08T00:23:53.110000
CVE-2023-44324,0,0,3faf2d9f8507ba59dbb4d74e2c7ec76f2ac9734c35d28ed63f184027d317a1ed,2024-03-15T10:15:07.113000
CVE-2023-44325,0,0,4a9167d4b6576a59a7ad78436610e1cb61d6cc273b43ad752f5396b11d83fe6a,2023-11-22T17:44:29.977000
@ -233218,8 +233218,8 @@ CVE-2023-44367,0,0,b2fa876e2c5c15f1395c9e41b01f1feb1719988292d1815b87ad4714f259d
CVE-2023-4437,0,0,df0a9da3302d6af0df861f09577d9469303f893542a9e5ce64396ce50e5aa37d,2024-05-17T02:31:33.640000
CVE-2023-44371,0,0,bcac815259e9d0d227b6d57ce65befcbec474b70d67e89fe586add9b777aa421,2023-11-22T16:58:39.573000
CVE-2023-44372,0,0,eb6ed7074e4d7482b32cad1947a98bab6eedf35acd3f76700b52a63bd165fe2b,2024-02-23T19:15:08.467000
CVE-2023-44373,0,0,36be5111f1c82b312e13f9ca6736d629eee8d406286134efef428b71aaae21ec,2024-06-11T09:15:15.377000
CVE-2023-44374,0,0,ff25dd8550316b1e82470741ecf8bf52e7bb6b1d44771545d17eaf0baf5bf15f,2024-06-11T09:15:15.990000
CVE-2023-44373,0,1,679e0f962cd10fe14e819ad59b51216c7708bba227ed36e648b8743542ab3d31,2024-08-13T08:15:08.033000
CVE-2023-44374,0,1,b430949d488bb1a5130f412c5e0ae44503ab5e89484424fe561aaa673c3bb077,2024-08-13T08:15:08.297000
CVE-2023-44375,0,0,48b5cc51553000a2cfa67cea7f8a951d3659b6e093f2df35e76499db8afb9eef,2024-01-02T19:15:10.480000
CVE-2023-44376,0,0,03f27121c4f8ffca1841f5abcc6f000d7525e270077c8b212bbafd4e41d1bb9e,2024-01-02T19:15:10.550000
CVE-2023-44377,0,0,960eac8de781cbaac5ac605f1641529954ab7d1adeca62e37948b52710054780,2024-01-02T19:15:10.630000
@ -234404,12 +234404,12 @@ CVE-2023-46277,0,0,a6fa4dbc780bfb3b6a6202bb0e83283f9b99e7e1a7b8f1ed53b4a92f0140d
CVE-2023-46278,0,0,283a5f4d3b1f995039a2ae4f0ff4efe94da460721819375532b8f8104a5b1ff6,2023-11-08T23:22:08.177000
CVE-2023-46279,0,0,cad5cbf92c67be5e79c0f7d5a9fbe732104c543f1cf9a464893a67bc498495cf,2023-12-19T17:40:49.427000
CVE-2023-4628,0,0,9dd80f318e00bb6d35ea5e4f6175e104ad476846cbe758532913d6d17d532560,2024-03-12T12:40:13.500000
CVE-2023-46280,0,0,45a435b701b1e99cd063a9bd021090f5b4fea921aab4e358165bb60e8d71ec9f,2024-07-09T12:15:09.983000
CVE-2023-46281,0,0,d1c96645ec1997298cad04d09d109e8c4b1cf58cfd05201deffd95ab37859e27,2024-05-14T16:15:42.297000
CVE-2023-46282,0,0,cb5f3820c6a5ec57a2b3c97683e7d8d26c9cb22829b0541441edf4e166d40acb,2024-05-14T16:15:43.203000
CVE-2023-46283,0,0,fb39c731b7fc041236f809239a0e3765ae823cb7c7d031f07111a0b47cfa33b5,2024-05-14T16:15:44.003000
CVE-2023-46284,0,0,a3dad8730ea3cdedd60916948921e6604f15a39c865cf05c00cd5c094269d89b,2024-05-14T16:15:45.017000
CVE-2023-46285,0,0,98ad3de1716b4acc1982e0244e04cc6023297adb59fcf5b0728642aeef4911af,2024-05-14T16:15:45.917000
CVE-2023-46280,0,1,cca9a4196b97bf87f929801fc57b778ce5bfa52e126f588c4e6fc746ec0bcff9,2024-08-13T08:15:08.500000
CVE-2023-46281,0,1,9678d340eb8e8c3621a2295da0b683b5e535db74f413ed14e49bcf7e35065612,2024-08-13T08:15:08.660000
CVE-2023-46282,0,1,714753b6e8e7ef185c481709b11ed97b39e6fe8519123ef990d1a58187414101,2024-08-13T08:15:08.813000
CVE-2023-46283,0,1,bab6b2fd315ce2915b2ec49714854fb8bb67b39c2fc95b271f118cc3bddfba55,2024-08-13T08:15:08.950000
CVE-2023-46284,0,1,ade280cffed44a7b9421e4fbda9724a436bd200e40758e77ae5e4208b337c9fc,2024-08-13T08:15:09.073000
CVE-2023-46285,0,1,d188afff2af593d8f56e8e14ecfe1ee22fbe460fb35b399bc88e5907a79028e3,2024-08-13T08:15:09.193000
CVE-2023-46287,0,0,85a909e3e554790149fd7a7bdc6ee45250511abf7ba5aad16e27d821e125bedd,2023-10-26T17:05:56.627000
CVE-2023-46288,0,0,4e7c3d0f2a47c2cdb963e20693070bcb74b570c31f4c02925a81ed68bcc5f5b3,2024-05-01T18:15:10.563000
CVE-2023-46289,0,0,b718fe11c7d9982447dba29076a54dbfa45cb0ef9825d49911b46533095026f6,2023-11-07T18:18:35.950000
@ -236844,8 +236844,8 @@ CVE-2023-49688,0,0,a5f89d12b475893ebdb5550737c740d16805195ddd6399e3298925ef8f7a2
CVE-2023-49689,0,0,195f004e514ebf379352087458a884e8450a7f773f64f87ef67d530bdf029e9f,2023-12-27T20:49:07.780000
CVE-2023-4969,0,0,744bd0cd4763140fc38006881ac562f2cd1b870d1a88ba37251cbcfb0871089f,2024-01-23T16:56:25.943000
CVE-2023-49690,0,0,999d02d01749b1b180865fd3573e2f572ecd04362da35ff492a3993eaef81495,2024-01-02T20:15:09.933000
CVE-2023-49691,0,0,ccb3a62ba33d468bcb90021e017b4b3fea7b5e721eb8f9e419bbcf8ba616c357,2024-06-11T09:15:16.840000
CVE-2023-49692,0,0,887e386d60be3151c8b5d054e95998b73b9f43f8cedd856f64bbb7970cec631c,2024-02-13T09:15:46.507000
CVE-2023-49691,0,1,81013496a54ef0925524e74c4cfc8c9f041b36788804904c1161857af42f123d,2024-08-13T08:15:09.340000
CVE-2023-49692,0,1,ed086762f7f32a4984a92deca01d74ba16600237d85b2ee8f1ef8417a630367e,2024-08-13T08:15:09.553000
CVE-2023-49693,0,0,89e556c9027decf6a274154cf28fa56775d660d6bb79978a3c9d9cb9d88a7524,2023-12-05T01:54:46.047000
CVE-2023-49694,0,0,d9890a558360fe6a8f62af5449bc61d293e813ded45dbac9797405356821f396,2023-12-05T01:54:34.097000
CVE-2023-49695,0,0,31cc92b76e39c54f94cdc6f7d8f4c1294f30378e3c140ae3131399183ab25363,2023-12-15T14:17:40.347000
@ -246875,9 +246875,9 @@ CVE-2024-26268,0,0,a834c6859c82fe01c7319b79ec743ac2e1e48384520fe6bc3af73c96ba93c
CVE-2024-26269,0,0,cb625b1bd944ac1bff27d9b34a6ef0746c8193395b27f4cce109495578d443cc,2024-02-22T19:07:37.840000
CVE-2024-2627,0,0,e439be7d2f37d06c2a4be60c3366459538fd000d9e0a2427e31ec28a8b0dbf4b,2024-08-08T21:35:10.330000
CVE-2024-26270,0,0,2370bdb7a99956787a3745aa3f3e8554faf5c6062fbc90c3c2a2f302e3ff3d08,2024-02-20T19:50:53.960000
CVE-2024-26275,0,0,21e67c06e24d408ad1a549f766b54f5dfd1b4842df576d827b739e2a28d49505,2024-06-11T12:15:14.017000
CVE-2024-26276,0,0,7406f6551c3634363606a828a01f36a4203616ca4676532db244783183501388,2024-06-11T12:15:14.153000
CVE-2024-26277,0,0,53da675804208a63e801a731a45b8146add8b1e603e83f9c176483f042fa922f,2024-06-11T12:15:14.273000
CVE-2024-26275,0,1,8dfbb329f4480275f3997f999c67156f6da28beb9598b03f6430ffd568c06a84,2024-08-13T08:15:09.747000
CVE-2024-26276,0,1,ed958264a3e7c1b7d2ac25a218f34723a1e07c37a5fc5a5cc9f79cdf29775191,2024-08-13T08:15:09.880000
CVE-2024-26277,0,1,38c0c6ef14e665cf88fac106ffd03b1734f58fbe675610b1f96bcc355b7c6807,2024-08-13T08:15:10.003000
CVE-2024-26278,0,0,a4bf5f7d4f5a8cc66cc891c37bd6872984880cd4b8b9e994fb28df36f06ab446,2024-07-19T18:53:12.727000
CVE-2024-26279,0,0,495c848487ea7b68d426f27b99de0402b60520a7c129465843fde2c78b15bbc3,2024-07-19T18:53:34.103000
CVE-2024-2628,0,0,09573b659ba12c91153fe41a3eb70641eb4f8cb568e4e66d7b1cdbd070a295c2,2024-08-06T19:35:04.207000
@ -251354,9 +251354,9 @@ CVE-2024-32631,0,0,976960b3233145908ee4314174d96ae9dd1a5e40ad826957114103ac5674a
CVE-2024-32632,0,0,e6384cc01582683119468e9848b671ebc539dd7dee05a03deb8d8f1b4d1f1993,2024-04-16T13:24:07.103000
CVE-2024-32633,0,0,19ad52f194d80eee7b9d476fc9a522e9cbf796c6004e91d4a96a91a259fcc742,2024-04-16T13:24:07.103000
CVE-2024-32634,0,0,43d388a83adeabeb1237fa331a2d12cfa391871d0a62537b40c518c9137c3766,2024-04-16T13:24:07.103000
CVE-2024-32635,0,0,e3e5565ee2f0ef9200043e676540866236bb00b2ccc64d5aa9a199d53271d4a7,2024-05-14T19:17:55.627000
CVE-2024-32636,0,0,181c1a0511a04c9fdfe7d907573020786241ff432d9875fd218c9e8ef8e577cb,2024-05-14T19:17:55.627000
CVE-2024-32637,0,0,a7c07d4660064caf9af3b53143a0db8e8f29c66e9f92947ad28d7ce9bb5501d7,2024-05-14T19:17:55.627000
CVE-2024-32635,0,1,394f2dd78385a39fe36e689d1af678bb5668148ab15de0a78a0573a4958a9c59,2024-08-13T08:15:10.120000
CVE-2024-32636,0,1,ca36f8bffc29e00003438b022f666beafdd48df654150275974796d436bb0010,2024-08-13T08:15:10.260000
CVE-2024-32637,0,1,ab31d0941abce293673c4b03fef248c906f30d3fbc8d1798d0a78de4928ecf8b,2024-08-13T08:15:10.400000
CVE-2024-32638,0,0,64e69b6286f832bc6f0cd7c0b6e78e47c45f311d06cafdc54ce151131c91d6d4,2024-07-03T01:56:53.103000
CVE-2024-32639,0,0,232ef605e4b2372003eb65a59a12a61d9eff09ea7045b736b7381401f755e0b9,2024-05-14T19:17:55.627000
CVE-2024-3264,0,0,4fd9bc9e99380154396f065d7cf7d8392313fe896c9d71fccf19b4661e489df6,2024-06-24T19:26:47.037000
@ -252980,7 +252980,7 @@ CVE-2024-35154,0,0,7c994b7a6d7158efefd5e2d9a1e0bdd18fbe7152cacfbfaf67e2a7f91ec12
CVE-2024-35155,0,0,371571e1aae62a09e601d6099b5578266a4a707997394118a0b1e39997d5568b,2024-08-01T17:56:03.997000
CVE-2024-35156,0,0,7c4915a6e4fe8b0271ff6d9725c9fe229558124031a1900b31f29119291d2b8c,2024-07-01T12:37:24.220000
CVE-2024-3516,0,0,61323fc04733960d047e16de47c6d5cda2ae2931ba7c42276f6e75842f73a295,2024-07-03T02:06:20.027000
CVE-2024-35161,0,0,1bc8d21dda3044e5ae73848911d8dfa9cb27966a87d6de7869a82e1a947adbec,2024-08-12T13:39:50.477000
CVE-2024-35161,0,1,6aea9c3989d886688e1b7e99fb5bea03a80c08fc501d3b5e12f47ed8f4b07628,2024-08-13T09:15:04.610000
CVE-2024-35162,0,0,e2e13ef2eb30c7b92e657f4b1e361b879f73f57d79701db01dafa5276f6f5a54,2024-08-12T16:35:03.640000
CVE-2024-35165,0,0,a5a2ced0aefc202025ce7b223ffafe3ffc4109906dfd07a5a8a0577e3f72ac5b,2024-05-14T16:11:39.510000
CVE-2024-35166,0,0,288535809aded0d0429463b3203e908304fa856ed04133053a9493366e89b509,2024-05-14T16:11:39.510000
@ -253917,6 +253917,7 @@ CVE-2024-36394,0,0,ce487e69c50908b259342c996fd749aeec003c1cc9ebc8d7c04cb76587e4b
CVE-2024-36395,0,0,f89c2edf8412c7a856779bf7bdcd2dc639ea5537dbb90aaf5a59ca64c625227c,2024-07-19T18:34:58.837000
CVE-2024-36396,0,0,6296e5e5abad58fd92610447f6d594c40593fdd339b1a18f1de671640ea0ec15,2024-08-07T17:40:12.830000
CVE-2024-36397,0,0,397d32bfdb09c2d3f9db35c1f7589cf3773b581a432802ae94747ca8dbab95df,2024-08-08T14:52:17.297000
CVE-2024-36398,1,1,5d0cf40180b275ae9fc57b4f7335602bd00cc9b2981a75922b6f11b82d4a648d,2024-08-13T08:15:10.540000
CVE-2024-36399,0,0,343a0b337c47a08f8ef5da762844b89fa9f0783d7ae2cdee4dacb27b86b494cf,2024-06-07T14:56:05.647000
CVE-2024-3640,0,0,634a3a61b60e4b6447ed9849adb2e8bddc05031ce5f2169a17d54b538992fc1b,2024-05-17T18:36:31.297000
CVE-2024-36400,0,0,47a38d468bfeafda14a4695dfbafb860220a66750f81a96f50551b5447b95aa6,2024-06-10T19:39:21.660000
@ -255393,7 +255394,7 @@ CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045f
CVE-2024-3885,0,0,9b28a2ee85edfe77753e71858fb1438bd68a9b6ee299843f3a5752cca4753d01,2024-05-02T18:00:37.360000
CVE-2024-38856,0,0,5bdac33e3c1769f797760792fc523b4e832fcce7196ab622177b90376f5d9d69,2024-08-06T13:35:01.497000
CVE-2024-38857,0,0,857bbf4d5ee889c68ec1450930f0cf323232ab2d5a162824c8153ee668a7e638,2024-07-02T12:09:16.907000
CVE-2024-38867,0,0,4bc8a346a92423127914d7bd932870dc2a7efecb39fecaf6981a89bcdb11978c,2024-07-09T18:19:14.047000
CVE-2024-38867,0,1,0587553b0e73bb3d7fb83caa644dbd7ff748ca26af84fce237e8ae38fe20168b,2024-08-13T08:15:10.817000
CVE-2024-3887,0,0,7992ee60f5f26d3f15d818db21e67277dbf02ae9d208c24a54e5c01935424c21,2024-05-16T13:03:05.353000
CVE-2024-38870,0,0,4167db09a3d5f0d1fb37f47670f8f4f5bc2492675561171c559ebd86c6b84b27,2024-07-18T12:28:43.707000
CVE-2024-38871,0,0,7b8770d00947c719a3dd8fe17f4a1ff79757e750998a4996ef9fa64a87345086,2024-07-29T14:12:08.783000
@ -255401,10 +255402,10 @@ CVE-2024-38872,0,0,dbf8cb370f3281d99398aef0cb2a514c7e42473174f976e3fef6fdbb067cc
CVE-2024-38873,0,0,6889a908915a370dc32eb3b9351070cdb3a634a1b8f52aac6863c833e22f79b2,2024-07-03T02:05:21.267000
CVE-2024-38874,0,0,1c1b28247d06b02b2f044fb942d8a6aa89aab3909bc7e48738a346b7a68e1cc9,2024-06-21T11:22:01.687000
CVE-2024-38875,0,0,d18c0c1f05faa02ef048ee622890d874b54f8d91a4409a82414c9856f7ccdec0,2024-07-12T16:11:48.453000
CVE-2024-38876,0,0,f37d327b0def2e29d3bc6bc3dacba715ce6d823e45c05553176d08d7c1cd9e79,2024-08-02T12:59:43.990000
CVE-2024-38877,0,0,3c2802af256f993e9c9b1997654b28c298662bb9ea87dfa88b885cc43cb50c7c,2024-08-02T12:59:43.990000
CVE-2024-38878,0,0,be9ed31353c78e492c6e88a7b293166827149613fca36318236d1aede1b61afa,2024-08-02T12:59:43.990000
CVE-2024-38879,0,0,dc3bd179e6119486737c4f1168e051931d384978feb6aaddd27b647eedd9b13a,2024-08-02T12:59:43.990000
CVE-2024-38876,0,1,ccd04c79533857063dcbf06cadc74557c79dc3e8ac98350df230d0b06b3c2732,2024-08-13T08:15:10.983000
CVE-2024-38877,0,1,92a669ce00e3184d9acc95ecff13efbf4424a0a44bf529ff5b71996f6ef415fe,2024-08-13T08:15:11.140000
CVE-2024-38878,0,1,e0cbe6db69126882fd9868bf050190fc5744969b032ce63732f277d3640cafa0,2024-08-13T08:15:11.293000
CVE-2024-38879,0,1,061dfba5bc87f3ac7f768a7008b32952fc11607dc48e866352cf259904b8fcd2,2024-08-13T08:15:11.433000
CVE-2024-3888,0,0,bc342da7901e0094f72065e6dd2aedad38420d6e9d380693e035c77fa5fe3f90,2024-06-04T16:57:41.053000
CVE-2024-38881,0,0,2ea60d09d0d9ff87b6dd792d394f437879631637f2111fab8651cc5ce17e3b46,2024-08-07T16:15:44.930000
CVE-2024-38882,0,0,ea1448ebae28393db0b7622f2675e28d74dab9b17e97c9a882ec3bbe17d057da,2024-08-07T16:15:45
@ -255949,6 +255950,7 @@ CVE-2024-39918,0,0,a01d13ae0b603735ac5bf07d7a2e68692283e08ddeecd7e6f7dcec848231b
CVE-2024-39919,0,0,ef22e6bc228ea2cf3764fb5e5dab9f5aabfb0f60858f62004efb01879ab42cf0,2024-07-16T13:43:58.773000
CVE-2024-3992,0,0,d59b458f7245a3919fa8340af270cf293071474241b7e0b0583fac012fe7336d,2024-08-07T19:08:22.713000
CVE-2024-39920,0,0,6bef49e28b0964791fd5773db4da2a4c4749e9b59fc7a5ce56343d0a0b5eb623,2024-08-05T19:35:13.550000
CVE-2024-39922,1,1,b89333caf950da4653b2ec0f0ab30e298687f5d026ebf9185c88168411fb1bad,2024-08-13T08:15:11.567000
CVE-2024-39927,0,0,717dcd9b351ff5b040ab1ae7299ad64aae73108f68a03a8e01e420f58c1fcdd4,2024-08-01T13:56:03.057000
CVE-2024-39929,0,0,a101bb24f7d63f090f20192946a102f9a39a1df49f06f499eb77157966db47ea,2024-07-09T16:22:58.760000
CVE-2024-3993,0,0,a2f94f13d02cfe8603a71433706e6cc2c5ad0c0e3e2fd5d51c299cf3fc301a73,2024-07-03T02:06:58.160000
@ -256687,6 +256689,9 @@ CVE-2024-41672,0,0,22d9ca4e03b108f26bbb384eff42397f3ecb90b1b86b629c7d5509df37cbc
CVE-2024-41676,0,0,61be418f160a9962fa96c6561684c479cc1e76f508200bb9c78cde88da1bdcd4,2024-07-29T16:21:52.517000
CVE-2024-41677,0,0,350177b79949244cfbc185c5f18aee412a8902a49d36a53e1d4b50536f1effd5,2024-08-12T18:51:29.497000
CVE-2024-4168,0,0,7f4f833c88738c683a47d814a058bf8a730868170937a9aca799097bc79bf22f,2024-06-04T19:20:31.690000
CVE-2024-41681,1,1,50c462ab13c1b85217a2ab2aa24e4694b9f475d8ddc654460954ef0e0a9753fa,2024-08-13T08:15:11.847000
CVE-2024-41682,1,1,2b2464c3ee98c49acbd919e7f5e34e6bd802d8388f87ab25acef6b2d477bdeed,2024-08-13T08:15:12.167000
CVE-2024-41683,1,1,9780ad11940d3f32d58091a056b090b52b11484c73d996cf91c57ff9fc50fbf6,2024-08-13T08:15:12.440000
CVE-2024-41684,0,0,1b960d89046bc8e3eaa12e0c6287bde4affa573a56f4d64d5604ebe07482aab6,2024-08-06T13:25:49.640000
CVE-2024-41685,0,0,a068970e4306540ce1cc9df2cfd1edb284bc63da7de6424b24a52ab81b1f3ec4,2024-08-06T12:51:23.760000
CVE-2024-41686,0,0,0724427e4fba2566827e14754d55d09ae4da5068fe75928087f7f167ed7545e4,2024-08-06T13:20:05.540000
@ -256771,6 +256776,12 @@ CVE-2024-41888,0,0,732035365d9dca966bbb01cf0554f084d6d5446f352b0bfbfd05d657e62c4
CVE-2024-41889,0,0,afc718e09b38fea98bf4af598c03af33eb38888a59959d88ad94aa8810cd502c,2024-08-07T19:35:11.473000
CVE-2024-41890,0,0,db9be7aaec3f0e305c1425d168e81c684e69b3cb2cbbd809f74a130e7ea87d73,2024-08-12T13:41:36.517000
CVE-2024-4190,0,0,937461468fcd73b26e47070e7d0620ac3009210ef2f47e2156f0b87dd1c21bc4,2024-06-13T18:36:09.013000
CVE-2024-41903,1,1,9ec8defdeaf0474e771dced78b4e68b4ddb59cc3a8413a88a4543a10e24448b0,2024-08-13T08:15:12.717000
CVE-2024-41904,1,1,d9d50831e94ac60e404deed7b6af874afdd1c5918cdf543c6e98305f959c46b9,2024-08-13T08:15:13.003000
CVE-2024-41905,1,1,5c74655633f38bf188f38fb0a90f6c3ea4919cc759beef0a8a2cc40c3d74533c,2024-08-13T08:15:13.250000
CVE-2024-41906,1,1,f3f4161f2c77c5cbaea7c1abd685df48a69f4f32b558220fb718bcaa4965e140,2024-08-13T08:15:13.560000
CVE-2024-41907,1,1,d07be0d1be7beadc8da7999186b7159ef6079d20ea5f5345ce0c5192b04aded3,2024-08-13T08:15:13.813000
CVE-2024-41908,1,1,3e3225b863bf687d2be1f70faa9e1698d73dbab5ab3f26e0cfe3ea3c137a2c1b,2024-08-13T08:15:14.110000
CVE-2024-41909,0,0,337038a3b5c59abd8e55d975739739e11455537d62050bba02f94002d048f34d,2024-08-12T18:57:29.247000
CVE-2024-41910,0,0,05e8a8305f60931af1e7f6df78a4476b8482c489e829a2c9df8e95a89a5ad19c,2024-08-08T18:15:10.897000
CVE-2024-41911,0,0,bcede814e75673c8612430bdf7cb23c705580c34203914afdea68119c277efad,2024-08-06T16:30:24.547000
@ -256784,7 +256795,11 @@ CVE-2024-41924,0,0,06cc2d8c551d8fd39f4e2ff31447bb4070ddde2d992cf8f0c8cb1b0035280
CVE-2024-41926,0,0,13c43cd281b4a9b74f2496b8daab80f10df1e7e6bc024b50c3c661b49018ccc2,2024-08-01T16:45:25.400000
CVE-2024-4193,0,0,4d4f4fcde78b01b33e30a077c434c1714d01a9ac9cd58d916bc86b963b6ddbd7,2024-05-14T16:11:39.510000
CVE-2024-41936,0,0,3e7584de3119384718885fa91426c70960b6e9df5afd267fe806c0b221ea60dd,2024-08-12T13:41:36.517000
CVE-2024-41938,1,1,ddfd3d26deac0162392d7581e0125c856605ef762a07dcd7ca53209e4c5caaf5,2024-08-13T08:15:14.353000
CVE-2024-41939,1,1,debde528a56e104b5d10701cd73482901350eec4c14a18a5336b65360e5fb436,2024-08-13T08:15:14.610000
CVE-2024-4194,0,0,cb2c64b568e3bd7c78c9d4f736651c66722818abe246f3bc5aedd70e3521cb96,2024-06-06T14:17:35.017000
CVE-2024-41940,1,1,84195dc8ecc8101f63b7d952c792fb8adea5349f5341ed8a2376ed93a70cff65,2024-08-13T08:15:14.890000
CVE-2024-41941,1,1,8e5ac1eedf419d1b61544050c7dfd656c6038cc8de9711a933db4faf6bab3dc7,2024-08-13T08:15:15.160000
CVE-2024-41942,0,0,7923ac40921d31d0296434cafefbd05115f6a6de46c0d45a5dcdea9f8a32742f,2024-08-12T15:53:27.457000
CVE-2024-41943,0,0,e9522f5ef1fc490dfac21cbf940a07ce3841f4fb783f1339fe71b8d4141a64db,2024-07-31T12:57:02.300000
CVE-2024-41944,0,0,135d3dced80bc39762656a548dac91a6dee89920c44affdb521ffafdd868d70c,2024-07-31T12:57:02.300000
@ -256810,6 +256825,9 @@ CVE-2024-41961,0,0,3c3cbde88cd825de8bae83de9e23bceebed48c0b620332721ebe0297499b9
CVE-2024-41962,0,0,5aa1ed6b30907704a36dc6fd122a906a648121941a14c73bf3eebe85b6d07876,2024-08-02T12:59:43.990000
CVE-2024-41965,0,0,2d1c3b12d760b98aa2eaba7bc040a10a4b90c52e44f9dfa32fdcb4160559d799,2024-08-09T14:09:32.507000
CVE-2024-4197,0,0,45da0b07f911473fe59b939894a184bd20b4010bb74cc514ccd6533e9d15c77b,2024-06-25T12:24:17.873000
CVE-2024-41976,1,1,387abae391577a5e677e5839f9dce7e51f3265a1dccc97da15c65b14665baf5f,2024-08-13T08:15:15.403000
CVE-2024-41977,1,1,948be1e5f151df35485ecd695eff5c8fa6dea1d6db65e7d979e78ef001ed5616,2024-08-13T08:15:15.640000
CVE-2024-41978,1,1,98b3f91c7b29c337e3e96ae32968a63e556d5be66a9f1f06a387848c1996c5c8,2024-08-13T08:15:15.903000
CVE-2024-4198,0,0,10694c0c68dfe4c7db6b33a26dfbe4eb44c2b4223bfed9be5285208f068f86b9,2024-04-26T12:58:17.720000
CVE-2024-41989,0,0,e902f47b7607adc4839df00802ec4b9f801f5195050e557f24fe6e1b06bacb3c,2024-08-08T20:35:11.140000
CVE-2024-4199,0,0,fcf36265d6a610d83a178901804339aadd89406ac8a1349d6da6f71c3e13bfe9,2024-05-15T16:40:19.330000
@ -259112,7 +259130,7 @@ CVE-2024-6716,0,0,8ffb92442f0506288b44c8e147b3f474301f4b7d486d9477f8f7548823d67c
CVE-2024-6717,0,0,0b065284c5a83df80f016d53c3ebe26a820992221428250ad8b4acf1f2d75be1,2024-07-24T12:55:13.223000
CVE-2024-6720,0,0,1dc3a2e2b9f95baf4f0364462830a2005109f2f0ee9a4c40c2088696994c0bf6,2024-08-07T20:53:27.343000
CVE-2024-6721,0,0,20bc3ac9fd25b0ef666ff8f606cfc8f742981337efa5a16bd2cfa701fac87a51,2024-07-15T16:15:03.467000
CVE-2024-6724,1,1,d6f0c65558e68f99aa98f137ee26bad13287cde07077fb7ac2146c2fd6833cbd,2024-08-13T06:15:04.083000
CVE-2024-6724,0,0,d6f0c65558e68f99aa98f137ee26bad13287cde07077fb7ac2146c2fd6833cbd,2024-08-13T06:15:04.083000
CVE-2024-6725,0,0,02f518ea588b9f58d1f41a7ee9055d6a87d38c1076b40cf72b33d47960c5f058,2024-07-31T12:57:02.300000
CVE-2024-6726,0,0,67da9a54e5a829e4300bb2883a5b7a4407d07a460c0b67dc5027c2e9a4f78316,2024-07-30T13:33:30.653000
CVE-2024-6727,0,0,9d08fdd347dc87a0df3a4e157904c3068a4121c1538981e1be169dd75a3fc029,2024-07-30T13:33:30.653000
@ -259174,7 +259192,7 @@ CVE-2024-6805,0,0,df9c24152184824aaec79a13a2bf3e8af4b412b0a659321142aa5850936d97
CVE-2024-6806,0,0,ee5c95118c41ce11e7d4b52c5bbead77dffa73ecabb9abea55db46ee557c211f,2024-07-24T12:55:13.223000
CVE-2024-6807,0,0,e4d3dc581aa656108086542a60085fb674561ed6b78bc58e0e899b44edae1d40,2024-08-06T11:16:07.450000
CVE-2024-6808,0,0,2df5a702fa4af6687f0c8dc8e100812ff9b6b346801edb239f41e0ca638c0076,2024-07-19T15:04:43.837000
CVE-2024-6823,1,1,8c4a7dea1e2becf55798301bcb5fdc46f6ea3195981111648e71941f0f636703,2024-08-13T06:15:05.120000
CVE-2024-6823,0,0,8c4a7dea1e2becf55798301bcb5fdc46f6ea3195981111648e71941f0f636703,2024-08-13T06:15:05.120000
CVE-2024-6824,0,0,2b5b10cc415939a34f32e5b37be54f877a179f9144de8a5e8476b884ab80faa8,2024-08-08T13:04:18.753000
CVE-2024-6828,0,0,5e3bce0050be5ef41f841daf735b80af46e729368278d26d6a7ddc5bbbdee66f,2024-07-24T12:55:13.223000
CVE-2024-6830,0,0,66325e33317c6fde8b929b285667c5104c4ae04492532b5067560968ff36e7fb,2024-07-18T12:28:43.707000
@ -259400,7 +259418,7 @@ CVE-2024-7224,0,0,af2db88c20757182d6fe4e4cfa97afc8f203736333d30a696d87d762a1939e
CVE-2024-7225,0,0,e974c1f8e77945a548823cf60aed30edab7ed3ad9e75b60e5161d6e31cd3da09,2024-07-30T13:32:45.943000
CVE-2024-7226,0,0,8ccb52401469e015e0678efa0fcd5200575cc7f7749dae8fc4bc7e839e645ade,2024-07-30T13:32:45.943000
CVE-2024-7246,0,0,b268ee120ca92b4c7d0a004d06b39e1ba37d5fd50d8d0e082e72d2daefd1725e,2024-08-06T16:30:24.547000
CVE-2024-7247,1,1,10b6563bcca9299dadfcef2964f18720d9da0668c22a520ba8f836a0ac593e11,2024-08-13T06:15:05.777000
CVE-2024-7247,0,0,10b6563bcca9299dadfcef2964f18720d9da0668c22a520ba8f836a0ac593e11,2024-08-13T06:15:05.777000
CVE-2024-7248,0,0,ebc2727ef1ac7b5ee7b71368a85d91d1db59260dc970f86f7476ace25fb5fea3,2024-07-30T13:32:45.943000
CVE-2024-7249,0,0,b1c62b4f237d55dfb39f8f205e178006f9409a78ccfd426e79f2f98ca375d833,2024-07-30T13:32:45.943000
CVE-2024-7250,0,0,2ad6dc357ed437eabcd60fe2775245fd2e54c1167d56f0a56470e33155a5fc4c,2024-07-30T13:32:45.943000
@ -259665,4 +259683,4 @@ CVE-2024-7705,0,0,cf95b489808fa8132dfdd8d11fdf93e486e1b455e83524c7ef4630f887c078
CVE-2024-7706,0,0,dddae6f8d636e0e2c3ba2b1628309dfeb1aca307337fd2625268eab5b9b234c9,2024-08-12T23:15:19.417000
CVE-2024-7707,0,0,21170f2707eddb1f88d3623b0eff5f0856514ae1fb599ac77f04f14c1cb19563,2024-08-13T01:24:09.723000
CVE-2024-7709,0,0,7f617395257f5decd3ca8318abe3ce517c53d7b8c4baa7edc2f2c2b481a048c8,2024-08-13T01:24:10.067000
CVE-2024-7715,1,1,674e3a8487a50dd01276fd949946f18896c90b358f8f5fb3b8739aee9ce4e714,2024-08-13T07:15:13.677000
CVE-2024-7715,0,0,674e3a8487a50dd01276fd949946f18896c90b358f8f5fb3b8739aee9ce4e714,2024-08-13T07:15:13.677000

Can't render this file because it is too large.