From 4f1350f05d2e54cfbd85bef6298a055607a8253b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 13 Aug 2024 10:03:13 +0000 Subject: [PATCH] Auto-Update: 2024-08-13T10:00:18.540667+00:00 --- CVE-2022/CVE-2022-358xx/CVE-2022-35868.json | 10 +- CVE-2022/CVE-2022-461xx/CVE-2022-46143.json | 10 +- CVE-2023/CVE-2023-262xx/CVE-2023-26293.json | 10 +- CVE-2023/CVE-2023-385xx/CVE-2023-38522.json | 28 +++--- CVE-2023/CVE-2023-385xx/CVE-2023-38527.json | 4 +- CVE-2023/CVE-2023-385xx/CVE-2023-38529.json | 4 +- CVE-2023/CVE-2023-385xx/CVE-2023-38531.json | 4 +- CVE-2023/CVE-2023-443xx/CVE-2023-44317.json | 4 +- CVE-2023/CVE-2023-443xx/CVE-2023-44319.json | 4 +- CVE-2023/CVE-2023-443xx/CVE-2023-44320.json | 8 +- CVE-2023/CVE-2023-443xx/CVE-2023-44321.json | 6 +- CVE-2023/CVE-2023-443xx/CVE-2023-44322.json | 4 +- CVE-2023/CVE-2023-443xx/CVE-2023-44373.json | 48 +++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44374.json | 4 +- CVE-2023/CVE-2023-462xx/CVE-2023-46280.json | 8 +- CVE-2023/CVE-2023-462xx/CVE-2023-46281.json | 4 +- CVE-2023/CVE-2023-462xx/CVE-2023-46282.json | 4 +- CVE-2023/CVE-2023-462xx/CVE-2023-46283.json | 4 +- CVE-2023/CVE-2023-462xx/CVE-2023-46284.json | 4 +- CVE-2023/CVE-2023-462xx/CVE-2023-46285.json | 4 +- CVE-2023/CVE-2023-496xx/CVE-2023-49691.json | 4 +- CVE-2023/CVE-2023-496xx/CVE-2023-49692.json | 4 +- CVE-2024/CVE-2024-262xx/CVE-2024-26275.json | 4 +- CVE-2024/CVE-2024-262xx/CVE-2024-26276.json | 4 +- CVE-2024/CVE-2024-262xx/CVE-2024-26277.json | 4 +- CVE-2024/CVE-2024-326xx/CVE-2024-32635.json | 52 +++++++++- CVE-2024/CVE-2024-326xx/CVE-2024-32636.json | 52 +++++++++- CVE-2024/CVE-2024-326xx/CVE-2024-32637.json | 52 +++++++++- CVE-2024/CVE-2024-351xx/CVE-2024-35161.json | 10 +- CVE-2024/CVE-2024-363xx/CVE-2024-36398.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-388xx/CVE-2024-38867.json | 4 +- CVE-2024/CVE-2024-388xx/CVE-2024-38876.json | 4 +- CVE-2024/CVE-2024-388xx/CVE-2024-38877.json | 4 +- CVE-2024/CVE-2024-388xx/CVE-2024-38878.json | 4 +- CVE-2024/CVE-2024-388xx/CVE-2024-38879.json | 4 +- CVE-2024/CVE-2024-399xx/CVE-2024-39922.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-416xx/CVE-2024-41681.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-416xx/CVE-2024-41682.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-416xx/CVE-2024-41683.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41903.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41904.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41905.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41906.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41907.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41908.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41938.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41939.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41940.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41941.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41976.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41977.json | 100 ++++++++++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41978.json | 100 ++++++++++++++++++++ README.md | 57 +++++++++-- _state.csv | 94 ++++++++++-------- 54 files changed, 2203 insertions(+), 130 deletions(-) create mode 100644 CVE-2024/CVE-2024-363xx/CVE-2024-36398.json create mode 100644 CVE-2024/CVE-2024-399xx/CVE-2024-39922.json create mode 100644 CVE-2024/CVE-2024-416xx/CVE-2024-41681.json create mode 100644 CVE-2024/CVE-2024-416xx/CVE-2024-41682.json create mode 100644 CVE-2024/CVE-2024-416xx/CVE-2024-41683.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41903.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41904.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41905.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41906.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41907.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41908.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41938.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41939.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41940.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41941.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41976.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41977.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41978.json diff --git a/CVE-2022/CVE-2022-358xx/CVE-2022-35868.json b/CVE-2022/CVE-2022-358xx/CVE-2022-35868.json index 039c54b8837..35cf1220dfc 100644 --- a/CVE-2022/CVE-2022-358xx/CVE-2022-35868.json +++ b/CVE-2022/CVE-2022-358xx/CVE-2022-35868.json @@ -2,13 +2,13 @@ "id": "CVE-2022-35868", "sourceIdentifier": "productcert@siemens.com", "published": "2023-02-14T11:15:12.847", - "lastModified": "2024-02-08T18:40:59.770", - "vulnStatus": "Analyzed", + "lastModified": "2024-08-13T08:15:05.163", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server\u00a0 (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path." + "value": "A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path." } ], "metrics": { @@ -130,6 +130,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-640968.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf", "source": "productcert@siemens.com", diff --git a/CVE-2022/CVE-2022-461xx/CVE-2022-46143.json b/CVE-2022/CVE-2022-461xx/CVE-2022-46143.json index 9d89c5875c3..204f472a0c0 100644 --- a/CVE-2022/CVE-2022-461xx/CVE-2022-46143.json +++ b/CVE-2022/CVE-2022-461xx/CVE-2022-46143.json @@ -2,7 +2,7 @@ "id": "CVE-2022-46143", "sourceIdentifier": "productcert@siemens.com", "published": "2022-12-13T16:15:25.137", - "lastModified": "2023-12-12T12:15:10.230", + "lastModified": "2024-08-13T08:15:05.483", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -2817,6 +2817,14 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html", + "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-413565.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26293.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26293.json index 65290e29f0d..62581745367 100644 --- a/CVE-2023/CVE-2023-262xx/CVE-2023-26293.json +++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26293.json @@ -2,13 +2,13 @@ "id": "CVE-2023-26293", "sourceIdentifier": "productcert@siemens.com", "published": "2023-04-11T10:15:18.157", - "lastModified": "2024-02-01T15:19:36.830", - "vulnStatus": "Analyzed", + "lastModified": "2024-08-13T08:15:05.880", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution." + "value": "A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions < V16 Update 7), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution." } ], "metrics": { @@ -135,6 +135,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-116924.pdf", "source": "productcert@siemens.com", diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38522.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38522.json index d87a5fdc90a..2ca087b5e4b 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38522.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38522.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38522", "sourceIdentifier": "security@apache.org", "published": "2024-07-26T10:15:01.923", - "lastModified": "2024-08-12T13:38:32.837", - "vulnStatus": "Analyzed", + "lastModified": "2024-08-13T09:15:04.310", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -61,7 +61,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@apache.org", "type": "Primary", "description": [ { @@ -70,25 +70,25 @@ } ] }, - { - "source": "security@apache.org", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-20" - } - ] - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", "value": "CWE-86" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-444" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38527.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38527.json index db132580d5f..1c960c6c86c 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38527.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38527.json @@ -2,13 +2,13 @@ "id": "CVE-2023-38527", "sourceIdentifier": "productcert@siemens.com", "published": "2023-08-08T10:15:15.923", - "lastModified": "2024-06-11T12:15:11.363", + "lastModified": "2024-08-13T08:15:06.110", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38529.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38529.json index 0e6c96e34ef..c086550f5a2 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38529.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38529.json @@ -2,13 +2,13 @@ "id": "CVE-2023-38529", "sourceIdentifier": "productcert@siemens.com", "published": "2023-08-08T10:15:16.127", - "lastModified": "2024-06-11T12:15:11.633", + "lastModified": "2024-08-13T08:15:06.310", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38531.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38531.json index 451e7e539c5..8740f1a0641 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38531.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38531.json @@ -2,13 +2,13 @@ "id": "CVE-2023-38531", "sourceIdentifier": "productcert@siemens.com", "published": "2023-08-08T10:15:16.317", - "lastModified": "2024-06-11T12:15:11.907", + "lastModified": "2024-08-13T08:15:06.457", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json index 819adb555f9..76066745a4b 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json @@ -2,13 +2,13 @@ "id": "CVE-2023-44317", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.067", - "lastModified": "2024-06-11T09:15:13.730", + "lastModified": "2024-08-13T08:15:06.607", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json index 79f17f4c77e..babef2ec6af 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json @@ -2,13 +2,13 @@ "id": "CVE-2023-44319", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.510", - "lastModified": "2024-06-11T09:15:14.940", + "lastModified": "2024-08-13T08:15:07.073", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json index 306e09149cb..49f681a4e6c 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44320.json @@ -2,13 +2,13 @@ "id": "CVE-2023-44320", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.757", - "lastModified": "2024-02-13T09:15:44.340", + "lastModified": "2024-08-13T08:15:07.287", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator." }, { "lang": "es", @@ -2062,6 +2062,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json index 6010ade479a..5b07c97410c 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44321.json @@ -2,7 +2,7 @@ "id": "CVE-2023-44321", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.973", - "lastModified": "2024-06-11T12:15:12.800", + "lastModified": "2024-08-13T08:15:07.533", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -2106,6 +2106,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json index e2f69123066..e26b7ddcbf1 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44322.json @@ -2,13 +2,13 @@ "id": "CVE-2023-44322", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.187", - "lastModified": "2024-02-13T09:15:44.733", + "lastModified": "2024-08-13T08:15:07.770", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json index 86bcaabf714..9ef0bc3a9bf 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json @@ -2,13 +2,13 @@ "id": "CVE-2023-44373", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.417", - "lastModified": "2024-06-11T09:15:15.377", + "lastModified": "2024-08-13T08:15:08.033", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323." }, { "lang": "es", @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + } + } + ], "cvssMetricV31": [ { "source": "productcert@siemens.com", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json index 84eff4dd223..26fe9779550 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json @@ -2,13 +2,13 @@ "id": "CVE-2023-44374", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.753", - "lastModified": "2024-06-11T09:15:15.990", + "lastModified": "2024-08-13T08:15:08.297", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json index ea380f0a517..8cd5bc995c6 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46280", "sourceIdentifier": "productcert@siemens.com", "published": "2024-05-14T16:15:40.800", - "lastModified": "2024-07-09T12:15:09.983", + "lastModified": "2024-08-13T08:15:08.500", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." + "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." }, { "lang": "es", @@ -96,6 +96,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json index 4aa4cb4b9b8..67ec4f234bb 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46281", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:13.653", - "lastModified": "2024-05-14T16:15:42.297", + "lastModified": "2024-08-13T08:15:08.660", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json index b321df8bb3b..89d0343c6c7 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46282", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:13.870", - "lastModified": "2024-05-14T16:15:43.203", + "lastModified": "2024-08-13T08:15:08.813", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json index 2e71e646b4c..7484bb2e1b7 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46283", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.067", - "lastModified": "2024-05-14T16:15:44.003", + "lastModified": "2024-08-13T08:15:08.950", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json index bd48ae08557..89ad10b6506 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46284", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.273", - "lastModified": "2024-05-14T16:15:45.017", + "lastModified": "2024-08-13T08:15:09.073", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json index dfd3133fa93..e78e656a9eb 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46285", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.477", - "lastModified": "2024-05-14T16:15:45.917", + "lastModified": "2024-08-13T08:15:09.193", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49691.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49691.json index e12c785e871..c3115d7d4a2 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49691.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49691.json @@ -2,13 +2,13 @@ "id": "CVE-2023-49691", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:15.990", - "lastModified": "2024-06-11T09:15:16.840", + "lastModified": "2024-08-13T08:15:09.340", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49692.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49692.json index 06874139223..b2fac9c20f0 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49692.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49692.json @@ -2,13 +2,13 @@ "id": "CVE-2023-49692", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:16.203", - "lastModified": "2024-02-13T09:15:46.507", + "lastModified": "2024-08-13T08:15:09.553", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26275.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26275.json index c95d8d8bedb..6f9d8816d94 100644 --- a/CVE-2024/CVE-2024-262xx/CVE-2024-26275.json +++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26275.json @@ -2,13 +2,13 @@ "id": "CVE-2024-26275", "sourceIdentifier": "productcert@siemens.com", "published": "2024-04-09T09:15:24.260", - "lastModified": "2024-06-11T12:15:14.017", + "lastModified": "2024-08-13T08:15:09.747", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26276.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26276.json index d36d8c559ad..a26f2e16b12 100644 --- a/CVE-2024/CVE-2024-262xx/CVE-2024-26276.json +++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26276.json @@ -2,13 +2,13 @@ "id": "CVE-2024-26276", "sourceIdentifier": "productcert@siemens.com", "published": "2024-04-09T09:15:24.457", - "lastModified": "2024-06-11T12:15:14.153", + "lastModified": "2024-08-13T08:15:09.880", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26277.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26277.json index cd2f7e683a8..fdd9ffda6a7 100644 --- a/CVE-2024/CVE-2024-262xx/CVE-2024-26277.json +++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26277.json @@ -2,13 +2,13 @@ "id": "CVE-2024-26277", "sourceIdentifier": "productcert@siemens.com", "published": "2024-04-09T09:15:24.670", - "lastModified": "2024-06-11T12:15:14.273", + "lastModified": "2024-08-13T08:15:10.003", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions < V36.1.147), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32635.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32635.json index 954514432f6..fbee30bb30c 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32635.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32635.json @@ -2,13 +2,13 @@ "id": "CVE-2024-32635", "sourceIdentifier": "productcert@siemens.com", "published": "2024-05-14T16:17:04.387", - "lastModified": "2024-05-14T19:17:55.627", + "lastModified": "2024-08-13T08:15:10.120", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the unmapped memory region while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], "cvssMetricV31": [ { "source": "productcert@siemens.com", @@ -55,6 +99,10 @@ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32636.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32636.json index a6ea791ba72..e348b03c5a7 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32636.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32636.json @@ -2,13 +2,13 @@ "id": "CVE-2024-32636", "sourceIdentifier": "productcert@siemens.com", "published": "2024-05-14T16:17:05.553", - "lastModified": "2024-05-14T19:17:55.627", + "lastModified": "2024-08-13T08:15:10.260", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process." }, { "lang": "es", @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], "cvssMetricV31": [ { "source": "productcert@siemens.com", @@ -55,6 +99,10 @@ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32637.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32637.json index 111a1861aa2..b394e0a331f 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32637.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32637.json @@ -2,13 +2,13 @@ "id": "CVE-2024-32637", "sourceIdentifier": "productcert@siemens.com", "published": "2024-05-14T16:17:06.590", - "lastModified": "2024-05-14T19:17:55.627", + "lastModified": "2024-08-13T08:15:10.400", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." + "value": "A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions < V2312.0005). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted X_T files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." }, { "lang": "es", @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + } + } + ], "cvssMetricV31": [ { "source": "productcert@siemens.com", @@ -55,6 +99,10 @@ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html", "source": "productcert@siemens.com" + }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html", + "source": "productcert@siemens.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35161.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35161.json index bfdbeff654f..1c043a18da5 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35161.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35161.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35161", "sourceIdentifier": "security@apache.org", "published": "2024-07-26T10:15:02.567", - "lastModified": "2024-08-12T13:39:50.477", - "vulnStatus": "Analyzed", + "lastModified": "2024-08-13T09:15:04.610", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -61,7 +61,7 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "security@apache.org", "type": "Primary", "description": [ { @@ -71,12 +71,12 @@ ] }, { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-444" } ] } diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36398.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36398.json new file mode 100644 index 00000000000..b9af465ae4a --- /dev/null +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36398.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-36398", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:10.540", + "lastModified": "2024-08-13T08:15:10.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.5, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38867.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38867.json index cfd26d433e2..4bfe56d61f4 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38867.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38867.json @@ -2,13 +2,13 @@ "id": "CVE-2024-38867", "sourceIdentifier": "productcert@siemens.com", "published": "2024-07-09T12:15:15.750", - "lastModified": "2024-07-09T18:19:14.047", + "lastModified": "2024-08-13T08:15:10.817", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). \r\nThis could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from those ports." + "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). \r\nThis could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38876.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38876.json index 6a6ae5ee94f..5fac77d7558 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38876.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38876.json @@ -2,13 +2,13 @@ "id": "CVE-2024-38876", "sourceIdentifier": "productcert@siemens.com", "published": "2024-08-02T11:16:41.643", - "lastModified": "2024-08-02T12:59:43.990", + "lastModified": "2024-08-13T08:15:10.983", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions >= R9.2), Omnivise T3000 Domain Controller (All versions >= R9.2), Omnivise T3000 Product Data Management (PDM) (All versions >= R9.2), Omnivise\u00a0T3000 Terminal Server (All versions >= R9.2), Omnivise T3000 Thin Client (All versions >= R9.2), Omnivise T3000 Whitelisting Server (All versions >= R9.2). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges." + "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38877.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38877.json index 9d79ffbabac..84923b6a579 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38877.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38877.json @@ -2,13 +2,13 @@ "id": "CVE-2024-38877", "sourceIdentifier": "productcert@siemens.com", "published": "2024-08-02T11:16:41.957", - "lastModified": "2024-08-02T12:59:43.990", + "lastModified": "2024-08-13T08:15:11.140", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions), Omnivise T3000 Domain Controller (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) (All versions), Omnivise T3000 Product Data Management (PDM) (All versions), Omnivise T3000 Security Server (All versions), Omnivise\u00a0T3000 Terminal Server (All versions), Omnivise T3000 Thin Client (All versions), Omnivise T3000 Whitelisting Server (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network." + "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38878.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38878.json index e477e677014..ac5fe1ac489 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38878.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38878.json @@ -2,13 +2,13 @@ "id": "CVE-2024-38878", "sourceIdentifier": "productcert@siemens.com", "published": "2024-08-02T11:16:42.260", - "lastModified": "2024-08-02T12:59:43.990", + "lastModified": "2024-08-13T08:15:11.293", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system." + "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38879.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38879.json index a43cedcd8c6..cc0755a22ce 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38879.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38879.json @@ -2,13 +2,13 @@ "id": "CVE-2024-38879", "sourceIdentifier": "productcert@siemens.com", "published": "2024-08-02T11:16:42.510", - "lastModified": "2024-08-02T12:59:43.990", + "lastModified": "2024-08-13T08:15:11.433", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application." + "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-399xx/CVE-2024-39922.json b/CVE-2024/CVE-2024-399xx/CVE-2024-39922.json new file mode 100644 index 00000000000..55e31414a62 --- /dev/null +++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39922.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39922", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:11.567", + "lastModified": "2024-08-13T08:15:11.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices store user passwords in plaintext without proper protection. This could allow a physical attacker to retrieve them from the embedded storage ICs." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-256" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-921449.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41681.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41681.json new file mode 100644 index 00000000000..f42d3f26c35 --- /dev/null +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41681.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41681", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:11.847", + "lastModified": "2024-08-13T08:15:11.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Location Intelligence family (All versions < V4.4). The web server of affected products is configured to support weak ciphers by default. This could allow an unauthenticated attacker in an on-path position to to read and modify any data passed over the connection between legitimate clients and the affected device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41682.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41682.json new file mode 100644 index 00000000000..e8401590871 --- /dev/null +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41682.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41682", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:12.167", + "lastModified": "2024-08-13T08:15:12.167", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated remote attacker to conduct brute force attacks against legitimate user passwords." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-416xx/CVE-2024-41683.json b/CVE-2024/CVE-2024-416xx/CVE-2024-41683.json new file mode 100644 index 00000000000..4fc43e083ad --- /dev/null +++ b/CVE-2024/CVE-2024-416xx/CVE-2024-41683.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41683", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:12.440", + "lastModified": "2024-08-13T08:15:12.440", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force attack against legitimate user passwords." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-521" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41903.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41903.json new file mode 100644 index 00000000000..dded2e63907 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41903.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41903", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:12.717", + "lastModified": "2024-08-13T08:15:12.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41904.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41904.json new file mode 100644 index 00000000000..0ecbb094f60 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41904.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41904", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:13.003", + "lastModified": "2024-08-13T08:15:13.003", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41905.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41905.json new file mode 100644 index 00000000000..ee87ad08f36 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41905.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41905", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:13.250", + "lastModified": "2024-08-13T08:15:13.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.6, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41906.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41906.json new file mode 100644 index 00000000000..9e6bf5f0319 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41906.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41906", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:13.560", + "lastModified": "2024-08-13T08:15:13.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-524" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41907.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41907.json new file mode 100644 index 00000000000..dddb7fd976a --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41907.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41907", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:13.813", + "lastModified": "2024-08-13T08:15:13.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 2.1, + "baseSeverity": "LOW" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-358" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41908.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41908.json new file mode 100644 index 00000000000..a725cf0d404 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41908.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41908", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:14.110", + "lastModified": "2024-08-13T08:15:14.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-357412.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41938.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41938.json new file mode 100644 index 00000000000..5d8992449f1 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41938.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41938", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:14.353", + "lastModified": "2024-08-13T08:15:14.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41939.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41939.json new file mode 100644 index 00000000000..cc1d98366fa --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41939.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41939", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:14.610", + "lastModified": "2024-08-13T08:15:14.610", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41940.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41940.json new file mode 100644 index 00000000000..b9fcf41450b --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41940.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41940", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:14.890", + "lastModified": "2024-08-13T08:15:14.890", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41941.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41941.json new file mode 100644 index 00000000000..c52e25978ee --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41941.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41941", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:15.160", + "lastModified": "2024-08-13T08:15:15.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41976.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41976.json new file mode 100644 index 00000000000..c39ad12ad15 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41976.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41976", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:15.403", + "lastModified": "2024-08-13T08:15:15.403", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.6, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41977.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41977.json new file mode 100644 index 00000000000..e4a37e88781 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41977.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41977", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:15.640", + "lastModified": "2024-08-13T08:15:15.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-488" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41978.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41978.json new file mode 100644 index 00000000000..df637f2b1fb --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41978.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-41978", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-08-13T08:15:15.903", + "lastModified": "2024-08-13T08:15:15.903", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices insert sensitive information about the generation of 2FA tokens into log files. This could allow an authenticated remote attacker to forge 2FA tokens of other users." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e49b41eefc5..8b05bdcc211 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-13T08:00:25.647843+00:00 +2024-08-13T10:00:18.540667+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-13T07:15:13.677000+00:00 +2024-08-13T09:15:04.610000+00:00 ``` ### Last Data Feed Release @@ -33,23 +33,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -259667 +259685 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `18` -- [CVE-2024-6724](CVE-2024/CVE-2024-67xx/CVE-2024-6724.json) (`2024-08-13T06:15:04.083`) -- [CVE-2024-6823](CVE-2024/CVE-2024-68xx/CVE-2024-6823.json) (`2024-08-13T06:15:05.120`) -- [CVE-2024-7247](CVE-2024/CVE-2024-72xx/CVE-2024-7247.json) (`2024-08-13T06:15:05.777`) -- [CVE-2024-7715](CVE-2024/CVE-2024-77xx/CVE-2024-7715.json) (`2024-08-13T07:15:13.677`) +- [CVE-2024-36398](CVE-2024/CVE-2024-363xx/CVE-2024-36398.json) (`2024-08-13T08:15:10.540`) +- [CVE-2024-39922](CVE-2024/CVE-2024-399xx/CVE-2024-39922.json) (`2024-08-13T08:15:11.567`) +- [CVE-2024-41681](CVE-2024/CVE-2024-416xx/CVE-2024-41681.json) (`2024-08-13T08:15:11.847`) +- [CVE-2024-41682](CVE-2024/CVE-2024-416xx/CVE-2024-41682.json) (`2024-08-13T08:15:12.167`) +- [CVE-2024-41683](CVE-2024/CVE-2024-416xx/CVE-2024-41683.json) (`2024-08-13T08:15:12.440`) +- [CVE-2024-41903](CVE-2024/CVE-2024-419xx/CVE-2024-41903.json) (`2024-08-13T08:15:12.717`) +- [CVE-2024-41904](CVE-2024/CVE-2024-419xx/CVE-2024-41904.json) (`2024-08-13T08:15:13.003`) +- [CVE-2024-41905](CVE-2024/CVE-2024-419xx/CVE-2024-41905.json) (`2024-08-13T08:15:13.250`) +- [CVE-2024-41906](CVE-2024/CVE-2024-419xx/CVE-2024-41906.json) (`2024-08-13T08:15:13.560`) +- [CVE-2024-41907](CVE-2024/CVE-2024-419xx/CVE-2024-41907.json) (`2024-08-13T08:15:13.813`) +- [CVE-2024-41908](CVE-2024/CVE-2024-419xx/CVE-2024-41908.json) (`2024-08-13T08:15:14.110`) +- [CVE-2024-41938](CVE-2024/CVE-2024-419xx/CVE-2024-41938.json) (`2024-08-13T08:15:14.353`) +- [CVE-2024-41939](CVE-2024/CVE-2024-419xx/CVE-2024-41939.json) (`2024-08-13T08:15:14.610`) +- [CVE-2024-41940](CVE-2024/CVE-2024-419xx/CVE-2024-41940.json) (`2024-08-13T08:15:14.890`) +- [CVE-2024-41941](CVE-2024/CVE-2024-419xx/CVE-2024-41941.json) (`2024-08-13T08:15:15.160`) +- [CVE-2024-41976](CVE-2024/CVE-2024-419xx/CVE-2024-41976.json) (`2024-08-13T08:15:15.403`) +- [CVE-2024-41977](CVE-2024/CVE-2024-419xx/CVE-2024-41977.json) (`2024-08-13T08:15:15.640`) +- [CVE-2024-41978](CVE-2024/CVE-2024-419xx/CVE-2024-41978.json) (`2024-08-13T08:15:15.903`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `34` +- [CVE-2023-44320](CVE-2023/CVE-2023-443xx/CVE-2023-44320.json) (`2024-08-13T08:15:07.287`) +- [CVE-2023-44321](CVE-2023/CVE-2023-443xx/CVE-2023-44321.json) (`2024-08-13T08:15:07.533`) +- [CVE-2023-44322](CVE-2023/CVE-2023-443xx/CVE-2023-44322.json) (`2024-08-13T08:15:07.770`) +- [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2024-08-13T08:15:08.033`) +- [CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2024-08-13T08:15:08.297`) +- [CVE-2023-46280](CVE-2023/CVE-2023-462xx/CVE-2023-46280.json) (`2024-08-13T08:15:08.500`) +- [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2024-08-13T08:15:08.660`) +- [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2024-08-13T08:15:08.813`) +- [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2024-08-13T08:15:08.950`) +- [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2024-08-13T08:15:09.073`) +- [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2024-08-13T08:15:09.193`) +- [CVE-2023-49691](CVE-2023/CVE-2023-496xx/CVE-2023-49691.json) (`2024-08-13T08:15:09.340`) +- [CVE-2023-49692](CVE-2023/CVE-2023-496xx/CVE-2023-49692.json) (`2024-08-13T08:15:09.553`) +- [CVE-2024-26275](CVE-2024/CVE-2024-262xx/CVE-2024-26275.json) (`2024-08-13T08:15:09.747`) +- [CVE-2024-26276](CVE-2024/CVE-2024-262xx/CVE-2024-26276.json) (`2024-08-13T08:15:09.880`) +- [CVE-2024-26277](CVE-2024/CVE-2024-262xx/CVE-2024-26277.json) (`2024-08-13T08:15:10.003`) +- [CVE-2024-32635](CVE-2024/CVE-2024-326xx/CVE-2024-32635.json) (`2024-08-13T08:15:10.120`) +- [CVE-2024-32636](CVE-2024/CVE-2024-326xx/CVE-2024-32636.json) (`2024-08-13T08:15:10.260`) +- [CVE-2024-32637](CVE-2024/CVE-2024-326xx/CVE-2024-32637.json) (`2024-08-13T08:15:10.400`) +- [CVE-2024-35161](CVE-2024/CVE-2024-351xx/CVE-2024-35161.json) (`2024-08-13T09:15:04.610`) +- [CVE-2024-38867](CVE-2024/CVE-2024-388xx/CVE-2024-38867.json) (`2024-08-13T08:15:10.817`) +- [CVE-2024-38876](CVE-2024/CVE-2024-388xx/CVE-2024-38876.json) (`2024-08-13T08:15:10.983`) +- [CVE-2024-38877](CVE-2024/CVE-2024-388xx/CVE-2024-38877.json) (`2024-08-13T08:15:11.140`) +- [CVE-2024-38878](CVE-2024/CVE-2024-388xx/CVE-2024-38878.json) (`2024-08-13T08:15:11.293`) +- [CVE-2024-38879](CVE-2024/CVE-2024-388xx/CVE-2024-38879.json) (`2024-08-13T08:15:11.433`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e19a61999b3..33bfa61251f 100644 --- a/_state.csv +++ b/_state.csv @@ -202743,7 +202743,7 @@ CVE-2022-35864,0,0,1bfae45976b1ab402048c441952a0730ac732c7b125fee3474183c0ed1916 CVE-2022-35865,0,0,13db658c4f9fa51aa824acb6d7ab73b34dc88bc4061dbb82373ab1cfa301e49d,2022-08-09T16:02:59.510000 CVE-2022-35866,0,0,6eaa7476382bcac4a410312782e81300475b6119e48955b3be4d4924457f5ac0,2024-01-26T17:15:09.150000 CVE-2022-35867,0,0,4e98aaef4d8528a422de359562f3980ea48bcfdca0330eb4a91995c98b69347d,2022-08-09T17:09:45.950000 -CVE-2022-35868,0,0,cf7c7c871879f92225a771d98bd3aa6973e025219cbcd52743e8a27bc60dc53b,2024-02-08T18:40:59.770000 +CVE-2022-35868,0,1,7e3d72eb7bd2c8ddbc0a9c81ae221fdabf131ffecf6dbede8b1d30f468145d5c,2024-08-13T08:15:05.163000 CVE-2022-35869,0,0,0f972661f0e63c0eacd04a1a216ca22f6989a6e80b61e3d22ecb897c4052298d,2022-08-03T16:56:53.823000 CVE-2022-3587,0,0,cb951b8eea81bde9fedd4667bfd99ebcc9b6ae339be708c81e3b30d07e55c1a4,2023-12-28T16:46:19.600000 CVE-2022-35870,0,0,b1418410196ae5e521edfaf75de133f2c3b09c4ed39790f38b17949dc2d7375c,2022-08-03T16:53:38.657000 @@ -210394,7 +210394,7 @@ CVE-2022-4614,0,0,7a88b9ab43606aa2914a80ea88031f70b341635413883b9e98c0a9e68e11c6 CVE-2022-46140,0,0,0712d38e67b0ea79032215b4bf74ff40ac887fbb82d84f667826d6e174499b4a,2023-03-14T10:15:23.297000 CVE-2022-46141,0,0,7e8b1bd776ac3ead1331d8517aad43a677ddf61c6250b76e8d2fe91ca8d647d2,2023-12-15T15:25:08.557000 CVE-2022-46142,0,0,20adf9da98863cb88194bbb7f513fc1ee61c018019bc165f3c2b2a49e9c660b3,2023-03-14T10:15:24.137000 -CVE-2022-46143,0,0,8d7318c5b07f9c6022a971b6865552b01e7d182523948ddbb15d49630db9c740,2023-12-12T12:15:10.230000 +CVE-2022-46143,0,1,b2840c246c8f5cf8b044875496df1888552d6b323ee32c20f66a96f8ea7c1783,2024-08-13T08:15:05.483000 CVE-2022-46144,0,0,9f4d0a1d99f33ccf042d56c5770f1a63b93ead0d06152f6e232560517cd2ac5f,2024-06-11T09:15:12.590000 CVE-2022-46145,0,0,6bbab686c5e58e3eba776c5bf03bc3a160f730f487ff34eb9da030dbc8db223a,2023-06-23T17:54:04.830000 CVE-2022-46146,0,0,7165ae3c480087b46becbb3e46119b1ead04bccea1432ff5ddbe81728aa47431,2024-01-12T12:15:45.110000 @@ -219551,7 +219551,7 @@ CVE-2023-2629,0,0,21397e525ac41df26b8c18bc0045d1b7263f8621bfadf0b1224b0c2fbfedb9 CVE-2023-26290,0,0,b45b134fbb8059d4d4a1ebae8fcfa511a842f92cfbbd7470a968c4d99358ab04,2023-11-07T04:09:33.393000 CVE-2023-26291,0,0,06cc66dbb2bc40c140a9d706389f20fb4cb58bd9ff5dd353e4433818c6edbc38,2023-11-07T04:09:33.470000 CVE-2023-26292,0,0,6b6a08faca6011f65bd54a771eac398f442833e03384acc6e7bddbe0e1b409c1,2023-11-07T04:09:33.547000 -CVE-2023-26293,0,0,2a0bb028d9e82ec18ab7f751833c8c38858c13274d40e6be5a8f2a53555cfc97,2024-02-01T15:19:36.830000 +CVE-2023-26293,0,1,10ed6049b197b4081e362a20e4edecaffca5f5eb8f26627f0110e2d6ae638156,2024-08-13T08:15:05.880000 CVE-2023-26294,0,0,e1c003d89d6db5b0f3e03a2c8162e2cc504399d8e80fb184d565d393352ecd42,2023-06-16T18:48:22.633000 CVE-2023-26295,0,0,f04dfda8467c2311140c5490a6147562bfccf02c6808128b029721bd51c00d2c,2023-06-20T19:49:05.647000 CVE-2023-26296,0,0,92b400319439208ff67eea4ac1d130d48a5e4b5eb1567aea02b1dbcf32e6a990,2023-06-20T19:48:53.800000 @@ -228856,17 +228856,17 @@ CVE-2023-38519,0,0,6feaff72ade735a2704fe8b8d9fef165f38317b422d397afb665c1d949162 CVE-2023-3852,0,0,2e1924f99097894c16104baab278a5a9ebf2db30430b465cf669815f850b7012,2024-05-17T02:27:53.627000 CVE-2023-38520,0,0,197a50cf0e44468d0337f27c399e1eb786a843546ac6c93f4b96fc50b52947ed,2024-06-04T16:57:41.053000 CVE-2023-38521,0,0,db18a9cb610e915922179831c59c7c6fe34d72db737eedb8a3400ffd344e745d,2023-09-08T06:42:06.290000 -CVE-2023-38522,0,0,401fd9824fc98a507aca78cc7a85a7f2df19d6e78b6d29af8bc4a614835ee5d3,2024-08-12T13:38:32.837000 +CVE-2023-38522,0,1,3705cb7abacfca0d330b8bf15cb363bf3ff75592fdecba113317ee3087bef4c7,2024-08-13T09:15:04.310000 CVE-2023-38523,0,0,4aeddda5cda4b987f05bc442064079c7a51cd36ed6a7d399ee18b0f7f42fa30b,2023-08-01T15:24:35.470000 CVE-2023-38524,0,0,c9e82639b2360f7e976dd3c089d1e601c218712b31ea68380c38a40a316e9b16,2024-06-11T12:15:10.860000 CVE-2023-38525,0,0,a4b40a45af79e11e4c16594d15803bcacdf8a6cc50b68a023dfce812a89911bf,2024-06-11T12:15:11.073000 CVE-2023-38526,0,0,5c1b7c780b6ac94326eca1359e72390c8acae17eb185ba53be64dc13bb8d2f48,2024-06-11T12:15:11.213000 -CVE-2023-38527,0,0,b7e4202f4d6a64aeb24dcfa5bda2e2f53327ae2bc9397e6629ab5baeac9e277b,2024-06-11T12:15:11.363000 +CVE-2023-38527,0,1,bc1db887124c7f9708bbeb42c797729ab4a02bda89b6004c3e1eb19bd6310f4e,2024-08-13T08:15:06.110000 CVE-2023-38528,0,0,ecef100a8025d9e21349c7141a0f1437d6a269ac3c505cd935121d3166959698,2024-06-11T12:15:11.500000 -CVE-2023-38529,0,0,6ac03dde81d47e4492bb9f34b64497df7f66144ab9a661a6c9d8d13cea5183cc,2024-06-11T12:15:11.633000 +CVE-2023-38529,0,1,196f9e17e9512b17adbc0e97b216938a72092e0f36c413cc7fdfef87ddd308c0,2024-08-13T08:15:06.310000 CVE-2023-3853,0,0,122bf89d59764340de7782babfbd508593fee48979cc152d1ef2930b153133be,2024-05-17T02:27:53.740000 CVE-2023-38530,0,0,6072192cedd4af889097aa33d0b65fb33aed0c4d5231786be68fa212782c35b8,2024-06-11T12:15:11.777000 -CVE-2023-38531,0,0,29e9561d7b8cb0d1af9d869e8e788a3d45bcfeb98a371dbf098a8e26783c32cb,2024-06-11T12:15:11.907000 +CVE-2023-38531,0,1,a33fc6a54c5564cdb0aaca3d3d4510d19dd0972300a86b75a4bf042cebe110dc,2024-08-13T08:15:06.457000 CVE-2023-38532,0,0,523600b2a5028799263d298578c45fbee089e386d5a006abf211c6d0746e4b89,2024-06-11T12:15:12.053000 CVE-2023-38533,0,0,08104e07a00f54f81d588c890fadfea850ee2ddb32235187b01cc48bd44be939,2024-06-11T13:54:12.057000 CVE-2023-38534,0,0,faa4dbd5a129861ba727722b7a204dbec0cc464a8563ca6b84ca79b2877cdfa5,2024-03-14T12:52:16.723000 @@ -233163,13 +233163,13 @@ CVE-2023-44311,0,0,9f636032c75ac4719bb65806f83757bdf9682aff3f1b2894f2cbe3ab5b109 CVE-2023-44312,0,0,b55f0bed5b32fb9a10fa80dd795e2a2db26a169b62814fff44ce562370ac3d2a,2024-02-08T17:08:11.110000 CVE-2023-44313,0,0,788473dd20e15d46c26fea0a15a6b80abab92e76b77692224f7f5c1f6f19eb2b,2024-02-08T17:13:28.083000 CVE-2023-44315,0,0,989ee8dd510367f8ebba5e7cf28e331f132b578d9ff891d305f14cbf78005dc7,2024-07-09T12:15:09.857000 -CVE-2023-44317,0,0,d2022ba74698ea47de87a5f674557315a20bd3440db2f108285f8ec6b211a180,2024-06-11T09:15:13.730000 +CVE-2023-44317,0,1,5b40f3b137944ee7309810dc95cd6d4561ca4a6369ab8f1b610de660d4d5af0a,2024-08-13T08:15:06.607000 CVE-2023-44318,0,0,341d3d7b5d255dfa45a58efd8e36917c2d894512ced069601d4078d3de342de5,2024-06-11T09:15:14.333000 -CVE-2023-44319,0,0,0a92c1266cf4eac4f301a94e072ee383dad6f2e429dbc0a88f129c2007029611,2024-06-11T09:15:14.940000 +CVE-2023-44319,0,1,f1034bb4c3cfa156461340b46c9ac77771e8f34bb839833cb765da35f2c64cf9,2024-08-13T08:15:07.073000 CVE-2023-4432,0,0,51ff4ba9dfac44079fda611bd0d9b919e7063984434f59354de6e0beba3ce6e3,2023-08-23T16:58:29.763000 -CVE-2023-44320,0,0,ab2e4cb22642f02eea121f0471abf899d497f57073e6b778f071d0956c246e5d,2024-02-13T09:15:44.340000 -CVE-2023-44321,0,0,2fb3b5c1781f8ca576720814fca8d2072c6e7ce56c771166d63ffb3299f5854b,2024-06-11T12:15:12.800000 -CVE-2023-44322,0,0,4f5842d8581f4ab93226477e1336b510230a19893c843a57e93f177822cffcaa,2024-02-13T09:15:44.733000 +CVE-2023-44320,0,1,6344f9126342aa35fddb910bc60595b9532030a76bd0ffdb7a12da43fa45332e,2024-08-13T08:15:07.287000 +CVE-2023-44321,0,1,4d96c3edcd86c04f8abee4e92403b97d81a1c6794e81f7b6e407b7f611741095,2024-08-13T08:15:07.533000 +CVE-2023-44322,0,1,68f374f6c0b9ad2f427fc2e63de583c593c2eb890681d350c1db40e225e7d171,2024-08-13T08:15:07.770000 CVE-2023-44323,0,0,ff7a9922bdf6aa8039277a81ef2b9c6d30bece716d751d01a8b5f0e2e31e9add,2023-11-08T00:23:53.110000 CVE-2023-44324,0,0,3faf2d9f8507ba59dbb4d74e2c7ec76f2ac9734c35d28ed63f184027d317a1ed,2024-03-15T10:15:07.113000 CVE-2023-44325,0,0,4a9167d4b6576a59a7ad78436610e1cb61d6cc273b43ad752f5396b11d83fe6a,2023-11-22T17:44:29.977000 @@ -233218,8 +233218,8 @@ CVE-2023-44367,0,0,b2fa876e2c5c15f1395c9e41b01f1feb1719988292d1815b87ad4714f259d CVE-2023-4437,0,0,df0a9da3302d6af0df861f09577d9469303f893542a9e5ce64396ce50e5aa37d,2024-05-17T02:31:33.640000 CVE-2023-44371,0,0,bcac815259e9d0d227b6d57ce65befcbec474b70d67e89fe586add9b777aa421,2023-11-22T16:58:39.573000 CVE-2023-44372,0,0,eb6ed7074e4d7482b32cad1947a98bab6eedf35acd3f76700b52a63bd165fe2b,2024-02-23T19:15:08.467000 -CVE-2023-44373,0,0,36be5111f1c82b312e13f9ca6736d629eee8d406286134efef428b71aaae21ec,2024-06-11T09:15:15.377000 -CVE-2023-44374,0,0,ff25dd8550316b1e82470741ecf8bf52e7bb6b1d44771545d17eaf0baf5bf15f,2024-06-11T09:15:15.990000 +CVE-2023-44373,0,1,679e0f962cd10fe14e819ad59b51216c7708bba227ed36e648b8743542ab3d31,2024-08-13T08:15:08.033000 +CVE-2023-44374,0,1,b430949d488bb1a5130f412c5e0ae44503ab5e89484424fe561aaa673c3bb077,2024-08-13T08:15:08.297000 CVE-2023-44375,0,0,48b5cc51553000a2cfa67cea7f8a951d3659b6e093f2df35e76499db8afb9eef,2024-01-02T19:15:10.480000 CVE-2023-44376,0,0,03f27121c4f8ffca1841f5abcc6f000d7525e270077c8b212bbafd4e41d1bb9e,2024-01-02T19:15:10.550000 CVE-2023-44377,0,0,960eac8de781cbaac5ac605f1641529954ab7d1adeca62e37948b52710054780,2024-01-02T19:15:10.630000 @@ -234404,12 +234404,12 @@ CVE-2023-46277,0,0,a6fa4dbc780bfb3b6a6202bb0e83283f9b99e7e1a7b8f1ed53b4a92f0140d CVE-2023-46278,0,0,283a5f4d3b1f995039a2ae4f0ff4efe94da460721819375532b8f8104a5b1ff6,2023-11-08T23:22:08.177000 CVE-2023-46279,0,0,cad5cbf92c67be5e79c0f7d5a9fbe732104c543f1cf9a464893a67bc498495cf,2023-12-19T17:40:49.427000 CVE-2023-4628,0,0,9dd80f318e00bb6d35ea5e4f6175e104ad476846cbe758532913d6d17d532560,2024-03-12T12:40:13.500000 -CVE-2023-46280,0,0,45a435b701b1e99cd063a9bd021090f5b4fea921aab4e358165bb60e8d71ec9f,2024-07-09T12:15:09.983000 -CVE-2023-46281,0,0,d1c96645ec1997298cad04d09d109e8c4b1cf58cfd05201deffd95ab37859e27,2024-05-14T16:15:42.297000 -CVE-2023-46282,0,0,cb5f3820c6a5ec57a2b3c97683e7d8d26c9cb22829b0541441edf4e166d40acb,2024-05-14T16:15:43.203000 -CVE-2023-46283,0,0,fb39c731b7fc041236f809239a0e3765ae823cb7c7d031f07111a0b47cfa33b5,2024-05-14T16:15:44.003000 -CVE-2023-46284,0,0,a3dad8730ea3cdedd60916948921e6604f15a39c865cf05c00cd5c094269d89b,2024-05-14T16:15:45.017000 -CVE-2023-46285,0,0,98ad3de1716b4acc1982e0244e04cc6023297adb59fcf5b0728642aeef4911af,2024-05-14T16:15:45.917000 +CVE-2023-46280,0,1,cca9a4196b97bf87f929801fc57b778ce5bfa52e126f588c4e6fc746ec0bcff9,2024-08-13T08:15:08.500000 +CVE-2023-46281,0,1,9678d340eb8e8c3621a2295da0b683b5e535db74f413ed14e49bcf7e35065612,2024-08-13T08:15:08.660000 +CVE-2023-46282,0,1,714753b6e8e7ef185c481709b11ed97b39e6fe8519123ef990d1a58187414101,2024-08-13T08:15:08.813000 +CVE-2023-46283,0,1,bab6b2fd315ce2915b2ec49714854fb8bb67b39c2fc95b271f118cc3bddfba55,2024-08-13T08:15:08.950000 +CVE-2023-46284,0,1,ade280cffed44a7b9421e4fbda9724a436bd200e40758e77ae5e4208b337c9fc,2024-08-13T08:15:09.073000 +CVE-2023-46285,0,1,d188afff2af593d8f56e8e14ecfe1ee22fbe460fb35b399bc88e5907a79028e3,2024-08-13T08:15:09.193000 CVE-2023-46287,0,0,85a909e3e554790149fd7a7bdc6ee45250511abf7ba5aad16e27d821e125bedd,2023-10-26T17:05:56.627000 CVE-2023-46288,0,0,4e7c3d0f2a47c2cdb963e20693070bcb74b570c31f4c02925a81ed68bcc5f5b3,2024-05-01T18:15:10.563000 CVE-2023-46289,0,0,b718fe11c7d9982447dba29076a54dbfa45cb0ef9825d49911b46533095026f6,2023-11-07T18:18:35.950000 @@ -236844,8 +236844,8 @@ CVE-2023-49688,0,0,a5f89d12b475893ebdb5550737c740d16805195ddd6399e3298925ef8f7a2 CVE-2023-49689,0,0,195f004e514ebf379352087458a884e8450a7f773f64f87ef67d530bdf029e9f,2023-12-27T20:49:07.780000 CVE-2023-4969,0,0,744bd0cd4763140fc38006881ac562f2cd1b870d1a88ba37251cbcfb0871089f,2024-01-23T16:56:25.943000 CVE-2023-49690,0,0,999d02d01749b1b180865fd3573e2f572ecd04362da35ff492a3993eaef81495,2024-01-02T20:15:09.933000 -CVE-2023-49691,0,0,ccb3a62ba33d468bcb90021e017b4b3fea7b5e721eb8f9e419bbcf8ba616c357,2024-06-11T09:15:16.840000 -CVE-2023-49692,0,0,887e386d60be3151c8b5d054e95998b73b9f43f8cedd856f64bbb7970cec631c,2024-02-13T09:15:46.507000 +CVE-2023-49691,0,1,81013496a54ef0925524e74c4cfc8c9f041b36788804904c1161857af42f123d,2024-08-13T08:15:09.340000 +CVE-2023-49692,0,1,ed086762f7f32a4984a92deca01d74ba16600237d85b2ee8f1ef8417a630367e,2024-08-13T08:15:09.553000 CVE-2023-49693,0,0,89e556c9027decf6a274154cf28fa56775d660d6bb79978a3c9d9cb9d88a7524,2023-12-05T01:54:46.047000 CVE-2023-49694,0,0,d9890a558360fe6a8f62af5449bc61d293e813ded45dbac9797405356821f396,2023-12-05T01:54:34.097000 CVE-2023-49695,0,0,31cc92b76e39c54f94cdc6f7d8f4c1294f30378e3c140ae3131399183ab25363,2023-12-15T14:17:40.347000 @@ -246875,9 +246875,9 @@ CVE-2024-26268,0,0,a834c6859c82fe01c7319b79ec743ac2e1e48384520fe6bc3af73c96ba93c CVE-2024-26269,0,0,cb625b1bd944ac1bff27d9b34a6ef0746c8193395b27f4cce109495578d443cc,2024-02-22T19:07:37.840000 CVE-2024-2627,0,0,e439be7d2f37d06c2a4be60c3366459538fd000d9e0a2427e31ec28a8b0dbf4b,2024-08-08T21:35:10.330000 CVE-2024-26270,0,0,2370bdb7a99956787a3745aa3f3e8554faf5c6062fbc90c3c2a2f302e3ff3d08,2024-02-20T19:50:53.960000 -CVE-2024-26275,0,0,21e67c06e24d408ad1a549f766b54f5dfd1b4842df576d827b739e2a28d49505,2024-06-11T12:15:14.017000 -CVE-2024-26276,0,0,7406f6551c3634363606a828a01f36a4203616ca4676532db244783183501388,2024-06-11T12:15:14.153000 -CVE-2024-26277,0,0,53da675804208a63e801a731a45b8146add8b1e603e83f9c176483f042fa922f,2024-06-11T12:15:14.273000 +CVE-2024-26275,0,1,8dfbb329f4480275f3997f999c67156f6da28beb9598b03f6430ffd568c06a84,2024-08-13T08:15:09.747000 +CVE-2024-26276,0,1,ed958264a3e7c1b7d2ac25a218f34723a1e07c37a5fc5a5cc9f79cdf29775191,2024-08-13T08:15:09.880000 +CVE-2024-26277,0,1,38c0c6ef14e665cf88fac106ffd03b1734f58fbe675610b1f96bcc355b7c6807,2024-08-13T08:15:10.003000 CVE-2024-26278,0,0,a4bf5f7d4f5a8cc66cc891c37bd6872984880cd4b8b9e994fb28df36f06ab446,2024-07-19T18:53:12.727000 CVE-2024-26279,0,0,495c848487ea7b68d426f27b99de0402b60520a7c129465843fde2c78b15bbc3,2024-07-19T18:53:34.103000 CVE-2024-2628,0,0,09573b659ba12c91153fe41a3eb70641eb4f8cb568e4e66d7b1cdbd070a295c2,2024-08-06T19:35:04.207000 @@ -251354,9 +251354,9 @@ CVE-2024-32631,0,0,976960b3233145908ee4314174d96ae9dd1a5e40ad826957114103ac5674a CVE-2024-32632,0,0,e6384cc01582683119468e9848b671ebc539dd7dee05a03deb8d8f1b4d1f1993,2024-04-16T13:24:07.103000 CVE-2024-32633,0,0,19ad52f194d80eee7b9d476fc9a522e9cbf796c6004e91d4a96a91a259fcc742,2024-04-16T13:24:07.103000 CVE-2024-32634,0,0,43d388a83adeabeb1237fa331a2d12cfa391871d0a62537b40c518c9137c3766,2024-04-16T13:24:07.103000 -CVE-2024-32635,0,0,e3e5565ee2f0ef9200043e676540866236bb00b2ccc64d5aa9a199d53271d4a7,2024-05-14T19:17:55.627000 -CVE-2024-32636,0,0,181c1a0511a04c9fdfe7d907573020786241ff432d9875fd218c9e8ef8e577cb,2024-05-14T19:17:55.627000 -CVE-2024-32637,0,0,a7c07d4660064caf9af3b53143a0db8e8f29c66e9f92947ad28d7ce9bb5501d7,2024-05-14T19:17:55.627000 +CVE-2024-32635,0,1,394f2dd78385a39fe36e689d1af678bb5668148ab15de0a78a0573a4958a9c59,2024-08-13T08:15:10.120000 +CVE-2024-32636,0,1,ca36f8bffc29e00003438b022f666beafdd48df654150275974796d436bb0010,2024-08-13T08:15:10.260000 +CVE-2024-32637,0,1,ab31d0941abce293673c4b03fef248c906f30d3fbc8d1798d0a78de4928ecf8b,2024-08-13T08:15:10.400000 CVE-2024-32638,0,0,64e69b6286f832bc6f0cd7c0b6e78e47c45f311d06cafdc54ce151131c91d6d4,2024-07-03T01:56:53.103000 CVE-2024-32639,0,0,232ef605e4b2372003eb65a59a12a61d9eff09ea7045b736b7381401f755e0b9,2024-05-14T19:17:55.627000 CVE-2024-3264,0,0,4fd9bc9e99380154396f065d7cf7d8392313fe896c9d71fccf19b4661e489df6,2024-06-24T19:26:47.037000 @@ -252980,7 +252980,7 @@ CVE-2024-35154,0,0,7c994b7a6d7158efefd5e2d9a1e0bdd18fbe7152cacfbfaf67e2a7f91ec12 CVE-2024-35155,0,0,371571e1aae62a09e601d6099b5578266a4a707997394118a0b1e39997d5568b,2024-08-01T17:56:03.997000 CVE-2024-35156,0,0,7c4915a6e4fe8b0271ff6d9725c9fe229558124031a1900b31f29119291d2b8c,2024-07-01T12:37:24.220000 CVE-2024-3516,0,0,61323fc04733960d047e16de47c6d5cda2ae2931ba7c42276f6e75842f73a295,2024-07-03T02:06:20.027000 -CVE-2024-35161,0,0,1bc8d21dda3044e5ae73848911d8dfa9cb27966a87d6de7869a82e1a947adbec,2024-08-12T13:39:50.477000 +CVE-2024-35161,0,1,6aea9c3989d886688e1b7e99fb5bea03a80c08fc501d3b5e12f47ed8f4b07628,2024-08-13T09:15:04.610000 CVE-2024-35162,0,0,e2e13ef2eb30c7b92e657f4b1e361b879f73f57d79701db01dafa5276f6f5a54,2024-08-12T16:35:03.640000 CVE-2024-35165,0,0,a5a2ced0aefc202025ce7b223ffafe3ffc4109906dfd07a5a8a0577e3f72ac5b,2024-05-14T16:11:39.510000 CVE-2024-35166,0,0,288535809aded0d0429463b3203e908304fa856ed04133053a9493366e89b509,2024-05-14T16:11:39.510000 @@ -253917,6 +253917,7 @@ CVE-2024-36394,0,0,ce487e69c50908b259342c996fd749aeec003c1cc9ebc8d7c04cb76587e4b CVE-2024-36395,0,0,f89c2edf8412c7a856779bf7bdcd2dc639ea5537dbb90aaf5a59ca64c625227c,2024-07-19T18:34:58.837000 CVE-2024-36396,0,0,6296e5e5abad58fd92610447f6d594c40593fdd339b1a18f1de671640ea0ec15,2024-08-07T17:40:12.830000 CVE-2024-36397,0,0,397d32bfdb09c2d3f9db35c1f7589cf3773b581a432802ae94747ca8dbab95df,2024-08-08T14:52:17.297000 +CVE-2024-36398,1,1,5d0cf40180b275ae9fc57b4f7335602bd00cc9b2981a75922b6f11b82d4a648d,2024-08-13T08:15:10.540000 CVE-2024-36399,0,0,343a0b337c47a08f8ef5da762844b89fa9f0783d7ae2cdee4dacb27b86b494cf,2024-06-07T14:56:05.647000 CVE-2024-3640,0,0,634a3a61b60e4b6447ed9849adb2e8bddc05031ce5f2169a17d54b538992fc1b,2024-05-17T18:36:31.297000 CVE-2024-36400,0,0,47a38d468bfeafda14a4695dfbafb860220a66750f81a96f50551b5447b95aa6,2024-06-10T19:39:21.660000 @@ -255393,7 +255394,7 @@ CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045f CVE-2024-3885,0,0,9b28a2ee85edfe77753e71858fb1438bd68a9b6ee299843f3a5752cca4753d01,2024-05-02T18:00:37.360000 CVE-2024-38856,0,0,5bdac33e3c1769f797760792fc523b4e832fcce7196ab622177b90376f5d9d69,2024-08-06T13:35:01.497000 CVE-2024-38857,0,0,857bbf4d5ee889c68ec1450930f0cf323232ab2d5a162824c8153ee668a7e638,2024-07-02T12:09:16.907000 -CVE-2024-38867,0,0,4bc8a346a92423127914d7bd932870dc2a7efecb39fecaf6981a89bcdb11978c,2024-07-09T18:19:14.047000 +CVE-2024-38867,0,1,0587553b0e73bb3d7fb83caa644dbd7ff748ca26af84fce237e8ae38fe20168b,2024-08-13T08:15:10.817000 CVE-2024-3887,0,0,7992ee60f5f26d3f15d818db21e67277dbf02ae9d208c24a54e5c01935424c21,2024-05-16T13:03:05.353000 CVE-2024-38870,0,0,4167db09a3d5f0d1fb37f47670f8f4f5bc2492675561171c559ebd86c6b84b27,2024-07-18T12:28:43.707000 CVE-2024-38871,0,0,7b8770d00947c719a3dd8fe17f4a1ff79757e750998a4996ef9fa64a87345086,2024-07-29T14:12:08.783000 @@ -255401,10 +255402,10 @@ CVE-2024-38872,0,0,dbf8cb370f3281d99398aef0cb2a514c7e42473174f976e3fef6fdbb067cc CVE-2024-38873,0,0,6889a908915a370dc32eb3b9351070cdb3a634a1b8f52aac6863c833e22f79b2,2024-07-03T02:05:21.267000 CVE-2024-38874,0,0,1c1b28247d06b02b2f044fb942d8a6aa89aab3909bc7e48738a346b7a68e1cc9,2024-06-21T11:22:01.687000 CVE-2024-38875,0,0,d18c0c1f05faa02ef048ee622890d874b54f8d91a4409a82414c9856f7ccdec0,2024-07-12T16:11:48.453000 -CVE-2024-38876,0,0,f37d327b0def2e29d3bc6bc3dacba715ce6d823e45c05553176d08d7c1cd9e79,2024-08-02T12:59:43.990000 -CVE-2024-38877,0,0,3c2802af256f993e9c9b1997654b28c298662bb9ea87dfa88b885cc43cb50c7c,2024-08-02T12:59:43.990000 -CVE-2024-38878,0,0,be9ed31353c78e492c6e88a7b293166827149613fca36318236d1aede1b61afa,2024-08-02T12:59:43.990000 -CVE-2024-38879,0,0,dc3bd179e6119486737c4f1168e051931d384978feb6aaddd27b647eedd9b13a,2024-08-02T12:59:43.990000 +CVE-2024-38876,0,1,ccd04c79533857063dcbf06cadc74557c79dc3e8ac98350df230d0b06b3c2732,2024-08-13T08:15:10.983000 +CVE-2024-38877,0,1,92a669ce00e3184d9acc95ecff13efbf4424a0a44bf529ff5b71996f6ef415fe,2024-08-13T08:15:11.140000 +CVE-2024-38878,0,1,e0cbe6db69126882fd9868bf050190fc5744969b032ce63732f277d3640cafa0,2024-08-13T08:15:11.293000 +CVE-2024-38879,0,1,061dfba5bc87f3ac7f768a7008b32952fc11607dc48e866352cf259904b8fcd2,2024-08-13T08:15:11.433000 CVE-2024-3888,0,0,bc342da7901e0094f72065e6dd2aedad38420d6e9d380693e035c77fa5fe3f90,2024-06-04T16:57:41.053000 CVE-2024-38881,0,0,2ea60d09d0d9ff87b6dd792d394f437879631637f2111fab8651cc5ce17e3b46,2024-08-07T16:15:44.930000 CVE-2024-38882,0,0,ea1448ebae28393db0b7622f2675e28d74dab9b17e97c9a882ec3bbe17d057da,2024-08-07T16:15:45 @@ -255949,6 +255950,7 @@ CVE-2024-39918,0,0,a01d13ae0b603735ac5bf07d7a2e68692283e08ddeecd7e6f7dcec848231b CVE-2024-39919,0,0,ef22e6bc228ea2cf3764fb5e5dab9f5aabfb0f60858f62004efb01879ab42cf0,2024-07-16T13:43:58.773000 CVE-2024-3992,0,0,d59b458f7245a3919fa8340af270cf293071474241b7e0b0583fac012fe7336d,2024-08-07T19:08:22.713000 CVE-2024-39920,0,0,6bef49e28b0964791fd5773db4da2a4c4749e9b59fc7a5ce56343d0a0b5eb623,2024-08-05T19:35:13.550000 +CVE-2024-39922,1,1,b89333caf950da4653b2ec0f0ab30e298687f5d026ebf9185c88168411fb1bad,2024-08-13T08:15:11.567000 CVE-2024-39927,0,0,717dcd9b351ff5b040ab1ae7299ad64aae73108f68a03a8e01e420f58c1fcdd4,2024-08-01T13:56:03.057000 CVE-2024-39929,0,0,a101bb24f7d63f090f20192946a102f9a39a1df49f06f499eb77157966db47ea,2024-07-09T16:22:58.760000 CVE-2024-3993,0,0,a2f94f13d02cfe8603a71433706e6cc2c5ad0c0e3e2fd5d51c299cf3fc301a73,2024-07-03T02:06:58.160000 @@ -256687,6 +256689,9 @@ CVE-2024-41672,0,0,22d9ca4e03b108f26bbb384eff42397f3ecb90b1b86b629c7d5509df37cbc CVE-2024-41676,0,0,61be418f160a9962fa96c6561684c479cc1e76f508200bb9c78cde88da1bdcd4,2024-07-29T16:21:52.517000 CVE-2024-41677,0,0,350177b79949244cfbc185c5f18aee412a8902a49d36a53e1d4b50536f1effd5,2024-08-12T18:51:29.497000 CVE-2024-4168,0,0,7f4f833c88738c683a47d814a058bf8a730868170937a9aca799097bc79bf22f,2024-06-04T19:20:31.690000 +CVE-2024-41681,1,1,50c462ab13c1b85217a2ab2aa24e4694b9f475d8ddc654460954ef0e0a9753fa,2024-08-13T08:15:11.847000 +CVE-2024-41682,1,1,2b2464c3ee98c49acbd919e7f5e34e6bd802d8388f87ab25acef6b2d477bdeed,2024-08-13T08:15:12.167000 +CVE-2024-41683,1,1,9780ad11940d3f32d58091a056b090b52b11484c73d996cf91c57ff9fc50fbf6,2024-08-13T08:15:12.440000 CVE-2024-41684,0,0,1b960d89046bc8e3eaa12e0c6287bde4affa573a56f4d64d5604ebe07482aab6,2024-08-06T13:25:49.640000 CVE-2024-41685,0,0,a068970e4306540ce1cc9df2cfd1edb284bc63da7de6424b24a52ab81b1f3ec4,2024-08-06T12:51:23.760000 CVE-2024-41686,0,0,0724427e4fba2566827e14754d55d09ae4da5068fe75928087f7f167ed7545e4,2024-08-06T13:20:05.540000 @@ -256771,6 +256776,12 @@ CVE-2024-41888,0,0,732035365d9dca966bbb01cf0554f084d6d5446f352b0bfbfd05d657e62c4 CVE-2024-41889,0,0,afc718e09b38fea98bf4af598c03af33eb38888a59959d88ad94aa8810cd502c,2024-08-07T19:35:11.473000 CVE-2024-41890,0,0,db9be7aaec3f0e305c1425d168e81c684e69b3cb2cbbd809f74a130e7ea87d73,2024-08-12T13:41:36.517000 CVE-2024-4190,0,0,937461468fcd73b26e47070e7d0620ac3009210ef2f47e2156f0b87dd1c21bc4,2024-06-13T18:36:09.013000 +CVE-2024-41903,1,1,9ec8defdeaf0474e771dced78b4e68b4ddb59cc3a8413a88a4543a10e24448b0,2024-08-13T08:15:12.717000 +CVE-2024-41904,1,1,d9d50831e94ac60e404deed7b6af874afdd1c5918cdf543c6e98305f959c46b9,2024-08-13T08:15:13.003000 +CVE-2024-41905,1,1,5c74655633f38bf188f38fb0a90f6c3ea4919cc759beef0a8a2cc40c3d74533c,2024-08-13T08:15:13.250000 +CVE-2024-41906,1,1,f3f4161f2c77c5cbaea7c1abd685df48a69f4f32b558220fb718bcaa4965e140,2024-08-13T08:15:13.560000 +CVE-2024-41907,1,1,d07be0d1be7beadc8da7999186b7159ef6079d20ea5f5345ce0c5192b04aded3,2024-08-13T08:15:13.813000 +CVE-2024-41908,1,1,3e3225b863bf687d2be1f70faa9e1698d73dbab5ab3f26e0cfe3ea3c137a2c1b,2024-08-13T08:15:14.110000 CVE-2024-41909,0,0,337038a3b5c59abd8e55d975739739e11455537d62050bba02f94002d048f34d,2024-08-12T18:57:29.247000 CVE-2024-41910,0,0,05e8a8305f60931af1e7f6df78a4476b8482c489e829a2c9df8e95a89a5ad19c,2024-08-08T18:15:10.897000 CVE-2024-41911,0,0,bcede814e75673c8612430bdf7cb23c705580c34203914afdea68119c277efad,2024-08-06T16:30:24.547000 @@ -256784,7 +256795,11 @@ CVE-2024-41924,0,0,06cc2d8c551d8fd39f4e2ff31447bb4070ddde2d992cf8f0c8cb1b0035280 CVE-2024-41926,0,0,13c43cd281b4a9b74f2496b8daab80f10df1e7e6bc024b50c3c661b49018ccc2,2024-08-01T16:45:25.400000 CVE-2024-4193,0,0,4d4f4fcde78b01b33e30a077c434c1714d01a9ac9cd58d916bc86b963b6ddbd7,2024-05-14T16:11:39.510000 CVE-2024-41936,0,0,3e7584de3119384718885fa91426c70960b6e9df5afd267fe806c0b221ea60dd,2024-08-12T13:41:36.517000 +CVE-2024-41938,1,1,ddfd3d26deac0162392d7581e0125c856605ef762a07dcd7ca53209e4c5caaf5,2024-08-13T08:15:14.353000 +CVE-2024-41939,1,1,debde528a56e104b5d10701cd73482901350eec4c14a18a5336b65360e5fb436,2024-08-13T08:15:14.610000 CVE-2024-4194,0,0,cb2c64b568e3bd7c78c9d4f736651c66722818abe246f3bc5aedd70e3521cb96,2024-06-06T14:17:35.017000 +CVE-2024-41940,1,1,84195dc8ecc8101f63b7d952c792fb8adea5349f5341ed8a2376ed93a70cff65,2024-08-13T08:15:14.890000 +CVE-2024-41941,1,1,8e5ac1eedf419d1b61544050c7dfd656c6038cc8de9711a933db4faf6bab3dc7,2024-08-13T08:15:15.160000 CVE-2024-41942,0,0,7923ac40921d31d0296434cafefbd05115f6a6de46c0d45a5dcdea9f8a32742f,2024-08-12T15:53:27.457000 CVE-2024-41943,0,0,e9522f5ef1fc490dfac21cbf940a07ce3841f4fb783f1339fe71b8d4141a64db,2024-07-31T12:57:02.300000 CVE-2024-41944,0,0,135d3dced80bc39762656a548dac91a6dee89920c44affdb521ffafdd868d70c,2024-07-31T12:57:02.300000 @@ -256810,6 +256825,9 @@ CVE-2024-41961,0,0,3c3cbde88cd825de8bae83de9e23bceebed48c0b620332721ebe0297499b9 CVE-2024-41962,0,0,5aa1ed6b30907704a36dc6fd122a906a648121941a14c73bf3eebe85b6d07876,2024-08-02T12:59:43.990000 CVE-2024-41965,0,0,2d1c3b12d760b98aa2eaba7bc040a10a4b90c52e44f9dfa32fdcb4160559d799,2024-08-09T14:09:32.507000 CVE-2024-4197,0,0,45da0b07f911473fe59b939894a184bd20b4010bb74cc514ccd6533e9d15c77b,2024-06-25T12:24:17.873000 +CVE-2024-41976,1,1,387abae391577a5e677e5839f9dce7e51f3265a1dccc97da15c65b14665baf5f,2024-08-13T08:15:15.403000 +CVE-2024-41977,1,1,948be1e5f151df35485ecd695eff5c8fa6dea1d6db65e7d979e78ef001ed5616,2024-08-13T08:15:15.640000 +CVE-2024-41978,1,1,98b3f91c7b29c337e3e96ae32968a63e556d5be66a9f1f06a387848c1996c5c8,2024-08-13T08:15:15.903000 CVE-2024-4198,0,0,10694c0c68dfe4c7db6b33a26dfbe4eb44c2b4223bfed9be5285208f068f86b9,2024-04-26T12:58:17.720000 CVE-2024-41989,0,0,e902f47b7607adc4839df00802ec4b9f801f5195050e557f24fe6e1b06bacb3c,2024-08-08T20:35:11.140000 CVE-2024-4199,0,0,fcf36265d6a610d83a178901804339aadd89406ac8a1349d6da6f71c3e13bfe9,2024-05-15T16:40:19.330000 @@ -259112,7 +259130,7 @@ CVE-2024-6716,0,0,8ffb92442f0506288b44c8e147b3f474301f4b7d486d9477f8f7548823d67c CVE-2024-6717,0,0,0b065284c5a83df80f016d53c3ebe26a820992221428250ad8b4acf1f2d75be1,2024-07-24T12:55:13.223000 CVE-2024-6720,0,0,1dc3a2e2b9f95baf4f0364462830a2005109f2f0ee9a4c40c2088696994c0bf6,2024-08-07T20:53:27.343000 CVE-2024-6721,0,0,20bc3ac9fd25b0ef666ff8f606cfc8f742981337efa5a16bd2cfa701fac87a51,2024-07-15T16:15:03.467000 -CVE-2024-6724,1,1,d6f0c65558e68f99aa98f137ee26bad13287cde07077fb7ac2146c2fd6833cbd,2024-08-13T06:15:04.083000 +CVE-2024-6724,0,0,d6f0c65558e68f99aa98f137ee26bad13287cde07077fb7ac2146c2fd6833cbd,2024-08-13T06:15:04.083000 CVE-2024-6725,0,0,02f518ea588b9f58d1f41a7ee9055d6a87d38c1076b40cf72b33d47960c5f058,2024-07-31T12:57:02.300000 CVE-2024-6726,0,0,67da9a54e5a829e4300bb2883a5b7a4407d07a460c0b67dc5027c2e9a4f78316,2024-07-30T13:33:30.653000 CVE-2024-6727,0,0,9d08fdd347dc87a0df3a4e157904c3068a4121c1538981e1be169dd75a3fc029,2024-07-30T13:33:30.653000 @@ -259174,7 +259192,7 @@ CVE-2024-6805,0,0,df9c24152184824aaec79a13a2bf3e8af4b412b0a659321142aa5850936d97 CVE-2024-6806,0,0,ee5c95118c41ce11e7d4b52c5bbead77dffa73ecabb9abea55db46ee557c211f,2024-07-24T12:55:13.223000 CVE-2024-6807,0,0,e4d3dc581aa656108086542a60085fb674561ed6b78bc58e0e899b44edae1d40,2024-08-06T11:16:07.450000 CVE-2024-6808,0,0,2df5a702fa4af6687f0c8dc8e100812ff9b6b346801edb239f41e0ca638c0076,2024-07-19T15:04:43.837000 -CVE-2024-6823,1,1,8c4a7dea1e2becf55798301bcb5fdc46f6ea3195981111648e71941f0f636703,2024-08-13T06:15:05.120000 +CVE-2024-6823,0,0,8c4a7dea1e2becf55798301bcb5fdc46f6ea3195981111648e71941f0f636703,2024-08-13T06:15:05.120000 CVE-2024-6824,0,0,2b5b10cc415939a34f32e5b37be54f877a179f9144de8a5e8476b884ab80faa8,2024-08-08T13:04:18.753000 CVE-2024-6828,0,0,5e3bce0050be5ef41f841daf735b80af46e729368278d26d6a7ddc5bbbdee66f,2024-07-24T12:55:13.223000 CVE-2024-6830,0,0,66325e33317c6fde8b929b285667c5104c4ae04492532b5067560968ff36e7fb,2024-07-18T12:28:43.707000 @@ -259400,7 +259418,7 @@ CVE-2024-7224,0,0,af2db88c20757182d6fe4e4cfa97afc8f203736333d30a696d87d762a1939e CVE-2024-7225,0,0,e974c1f8e77945a548823cf60aed30edab7ed3ad9e75b60e5161d6e31cd3da09,2024-07-30T13:32:45.943000 CVE-2024-7226,0,0,8ccb52401469e015e0678efa0fcd5200575cc7f7749dae8fc4bc7e839e645ade,2024-07-30T13:32:45.943000 CVE-2024-7246,0,0,b268ee120ca92b4c7d0a004d06b39e1ba37d5fd50d8d0e082e72d2daefd1725e,2024-08-06T16:30:24.547000 -CVE-2024-7247,1,1,10b6563bcca9299dadfcef2964f18720d9da0668c22a520ba8f836a0ac593e11,2024-08-13T06:15:05.777000 +CVE-2024-7247,0,0,10b6563bcca9299dadfcef2964f18720d9da0668c22a520ba8f836a0ac593e11,2024-08-13T06:15:05.777000 CVE-2024-7248,0,0,ebc2727ef1ac7b5ee7b71368a85d91d1db59260dc970f86f7476ace25fb5fea3,2024-07-30T13:32:45.943000 CVE-2024-7249,0,0,b1c62b4f237d55dfb39f8f205e178006f9409a78ccfd426e79f2f98ca375d833,2024-07-30T13:32:45.943000 CVE-2024-7250,0,0,2ad6dc357ed437eabcd60fe2775245fd2e54c1167d56f0a56470e33155a5fc4c,2024-07-30T13:32:45.943000 @@ -259665,4 +259683,4 @@ CVE-2024-7705,0,0,cf95b489808fa8132dfdd8d11fdf93e486e1b455e83524c7ef4630f887c078 CVE-2024-7706,0,0,dddae6f8d636e0e2c3ba2b1628309dfeb1aca307337fd2625268eab5b9b234c9,2024-08-12T23:15:19.417000 CVE-2024-7707,0,0,21170f2707eddb1f88d3623b0eff5f0856514ae1fb599ac77f04f14c1cb19563,2024-08-13T01:24:09.723000 CVE-2024-7709,0,0,7f617395257f5decd3ca8318abe3ce517c53d7b8c4baa7edc2f2c2b481a048c8,2024-08-13T01:24:10.067000 -CVE-2024-7715,1,1,674e3a8487a50dd01276fd949946f18896c90b358f8f5fb3b8739aee9ce4e714,2024-08-13T07:15:13.677000 +CVE-2024-7715,0,0,674e3a8487a50dd01276fd949946f18896c90b358f8f5fb3b8739aee9ce4e714,2024-08-13T07:15:13.677000