diff --git a/CVE-2022/CVE-2022-225xx/CVE-2022-22508.json b/CVE-2022/CVE-2022-225xx/CVE-2022-22508.json
new file mode 100644
index 00000000000..96936ab6485
--- /dev/null
+++ b/CVE-2022/CVE-2022-225xx/CVE-2022-22508.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-22508",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.370",
+ "lastModified": "2023-05-15T10:15:09.370",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17351&token=a7c02b2825fea2bcaf80c1a8e62097d72ec90f1a&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-40xx/CVE-2022-4048.json b/CVE-2022/CVE-2022-40xx/CVE-2022-4048.json
new file mode 100644
index 00000000000..0d023b97d18
--- /dev/null
+++ b/CVE-2022/CVE-2022-40xx/CVE-2022-4048.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-4048",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:10.517",
+ "lastModified": "2023-05-15T10:15:10.517",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17350&token=2cee62285d3ec76d6a78dfa9b9e81e66f6136a2a&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47378.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47378.json
new file mode 100644
index 00000000000..197c3ef7155
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47378.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47378",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.460",
+ "lastModified": "2023-05-15T10:15:09.460",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47379.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47379.json
new file mode 100644
index 00000000000..54d16fbf17b
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47379.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47379",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.530",
+ "lastModified": "2023-05-15T10:15:09.530",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47380.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47380.json
new file mode 100644
index 00000000000..423871bd479
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47380.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47380",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.607",
+ "lastModified": "2023-05-15T10:15:09.607",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated remote attacker may use a stack based\u00a0 out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47381.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47381.json
new file mode 100644
index 00000000000..86c4c94f5d2
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47381.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47381",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.667",
+ "lastModified": "2023-05-15T10:15:09.667",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47382.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47382.json
new file mode 100644
index 00000000000..e97f37c454e
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47382.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47382",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.737",
+ "lastModified": "2023-05-15T10:15:09.737",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47383.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47383.json
new file mode 100644
index 00000000000..20837ddba92
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47383.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47383",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.803",
+ "lastModified": "2023-05-15T10:15:09.803",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47384.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47384.json
new file mode 100644
index 00000000000..1524f1b1941
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47384.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47384",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.863",
+ "lastModified": "2023-05-15T10:15:09.863",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47385.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47385.json
new file mode 100644
index 00000000000..4118b6fbde1
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47385.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47385",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.927",
+ "lastModified": "2023-05-15T10:15:09.927",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47386.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47386.json
new file mode 100644
index 00000000000..2ad60580749
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47386.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47386",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:09.993",
+ "lastModified": "2023-05-15T10:15:09.993",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47387.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47387.json
new file mode 100644
index 00000000000..cdaba02daac
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47387.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47387",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:10.067",
+ "lastModified": "2023-05-15T10:15:10.067",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47388.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47388.json
new file mode 100644
index 00000000000..4f554a72fec
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47388.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47388",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:10.157",
+ "lastModified": "2023-05-15T10:15:10.157",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47389.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47389.json
new file mode 100644
index 00000000000..42758c485f3
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47389.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47389",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:10.243",
+ "lastModified": "2023-05-15T10:15:10.243",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47390.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47390.json
new file mode 100644
index 00000000000..4b80c031e91
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47390.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47390",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:10.327",
+ "lastModified": "2023-05-15T10:15:10.327",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47391.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47391.json
new file mode 100644
index 00000000000..4dd72492a9b
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47391.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47391",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T10:15:10.390",
+ "lastModified": "2023-05-15T10:15:10.390",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47392.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47392.json
new file mode 100644
index 00000000000..bf8697190d8
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47392.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47392",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T11:15:08.750",
+ "lastModified": "2023-05-15T11:15:08.750",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead\u00a0to a denial-of-service condition."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47393.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47393.json
new file mode 100644
index 00000000000..03408409103
--- /dev/null
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47393.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-47393",
+ "sourceIdentifier": "info@cert.vde.com",
+ "published": "2023-05-15T11:15:08.820",
+ "lastModified": "2023-05-15T11:15:08.820",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "info@cert.vde.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
+ "source": "info@cert.vde.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47937.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47937.json
new file mode 100644
index 00000000000..2f85fd90e94
--- /dev/null
+++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47937.json
@@ -0,0 +1,40 @@
+{
+ "id": "CVE-2022-47937",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-05-15T10:15:10.457",
+ "lastModified": "2023-05-15T10:15:10.457",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** \n\n\n\n\n\nImproper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input.\n\n\n\n\nNOTE: This vulnerability \nonly affects products that are no longer supported by the maintainer\n\n\n\n\nThe org.apache.sling.commons.json bundle has been deprecated as of March\n 2017 and should not be used anymore. Consumers are encouraged to \nconsider the Apache Sling Commons Johnzon OSGi bundle provided by the \nApache Sling project, but may of course use other JSON libraries.\n\n\n\n\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/sling-org-apache-sling-commons-johnzon",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://issues.apache.org/jira/browse/SLING-6536",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/sws7z50x47gv0c38q4kx6ktqrvrrg1pm",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22684.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22684.json
new file mode 100644
index 00000000000..f2878fade37
--- /dev/null
+++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22684.json
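Review bot: The CVE-2022-47937 record has `"metrics": {}`, so it carries no CVSS vector or `baseScore`, unlike the other records visible in this commit. Anything that ranks or filters on `cvssMetricV31` should treat this entry as unscored rather than as zero or low severity. The description `value` also opens with `** UNSUPPORTED WHEN ASSIGNED **` and contains long runs of `\n`; these are better collapsed when the text is displayed than edited in the stored record. The advisory text itself names the remediation, which is to stop using the deprecated org.apache.sling.commons.json bundle.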
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22684", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-15T11:15:08.887", + "lastModified": "2023-05-15T11:15:08.887", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subscribers.Com Subscribers plugin <=\u00a01.5.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/subscribers-com/wordpress-subscribers-free-web-push-notifications-plugin-1-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22690.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22690.json new file mode 100644 index 00000000000..1f8bf350b43 --- /dev/null +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22690.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22690", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-15T11:15:08.963", + "lastModified": "2023-05-15T11:15:08.963", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <=\u00a05.775 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/ebook-store/wordpress-ebook-store-plugin-5-775-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-227xx/CVE-2023-22703.json b/CVE-2023/CVE-2023-227xx/CVE-2023-22703.json new file mode 100644 index 00000000000..fe330c9ab59 --- /dev/null +++ b/CVE-2023/CVE-2023-227xx/CVE-2023-22703.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-22703", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-05-15T11:15:09.023", + "lastModified": "2023-05-15T11:15:09.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP Contact Form plugin <=\u00a03.1.0 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wcp-contact-form/wordpress-wcp-contact-form-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23445.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23445.json new file mode 100644 index 00000000000..e5286145588 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23445.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-23445", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.087", + "lastModified": "2023-05-15T11:15:09.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote\nattacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the\nREST interface.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23446.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23446.json new file mode 100644 index 00000000000..a8fdee3f19f --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23446.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-23446", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.160", + "lastModified": "2023-05-15T11:15:09.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23447.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23447.json new file mode 100644 index 00000000000..3e71499e64d --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23447.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-23447", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.217", + "lastModified": "2023-05-15T11:15:09.217", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23448.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23448.json new file mode 100644 index 00000000000..0a09313e383 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23448.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-23448", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.280", + "lastModified": "2023-05-15T11:15:09.280", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nInclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a\nremote attacker to gain information about valid usernames via analysis of source code.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-540" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23449.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23449.json new file mode 100644 index 00000000000..6774f6925b2 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23449.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-23449", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.347", + "lastModified": "2023-05-15T11:15:09.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nObservable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker\nto gain information about valid usernames by analyzing challenge responses from the server via the\nREST interface.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-204" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23450.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23450.json new file mode 100644 index 00000000000..8173ef707de --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23450.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-23450", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.407", + "lastModified": "2023-05-15T11:15:09.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nUse of Password Hash Instead of Password for Authentication in SICK FTMg AIR\nFLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526\nallows an unprivileged remote attacker to use a password hash instead of an actual password to login\nto a valid user account via the REST interface.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-836" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31408.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31408.json new file mode 100644 index 00000000000..972046e9a9e --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31408.json 
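Review bot: In the CVE-2023-23450 record the CVSS data says `"attackVector": "LOCAL"` (`AV:L`), while the description in the same record speaks of an unprivileged remote attacker logging in with a password hash via the REST interface. CVE-2023-23445, from the same advisory, carries the otherwise identical vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` with `baseScore` 7.5, against 6.2 here. Which side is correct cannot be told from this page, so the 6.2 should be checked against the referenced advisory `sca-2023-0004` before it is used for patch prioritisation. The record is still at `"vulnStatus": "Received"`, so the score is presumably the submitter's own and has not yet been reviewed.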
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-31408", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.477", + "lastModified": "2023-05-15T11:15:09.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nCleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via\ncross-site-scripting attacks.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31409.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31409.json new file mode 100644 index 00000000000..4b879806262 --- /dev/null +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31409.json 
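Review bot: The CVSS data in the CVE-2023-31408 record does not match its description: `"confidentialityImpact": "NONE"` and `"availabilityImpact": "LOW"` are recorded for a CWE-312 weakness whose stated consequence is theft of user credentials from the browser's local storage. The vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L` and both sub-scores are identical to those of CVE-2023-31409, the Slowloris-style denial of service in the next file, so they may have been carried over from that entry. Anyone triaging on `baseScore` would rank a credential-disclosure issue as a minor availability problem. The values should be confirmed against `sca-2023-0004`, and the record treated as confidentiality-relevant until then.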
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-31409", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-05-15T11:15:09.550", + "lastModified": "2023-05-15T11:15:09.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 057b0b277e1..746624e12fb 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-15T10:00:23.656609+00:00 +2023-05-15T12:00:24.122531+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-15T09:15:09.893000+00:00 +2023-05-15T11:15:09.550000+00:00 ``` ### Last Data Feed Release 
@@ -29,15 +29,43 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -215192 +215222 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `30` -* [CVE-2023-1698](CVE-2023/CVE-2023-16xx/CVE-2023-1698.json) (`2023-05-15T09:15:09.510`) -* [CVE-2023-22318](CVE-2023/CVE-2023-223xx/CVE-2023-22318.json) (`2023-05-15T09:15:09.893`) +* [CVE-2022-22508](CVE-2022/CVE-2022-225xx/CVE-2022-22508.json) (`2023-05-15T10:15:09.370`) +* [CVE-2022-4048](CVE-2022/CVE-2022-40xx/CVE-2022-4048.json) (`2023-05-15T10:15:10.517`) +* [CVE-2022-47378](CVE-2022/CVE-2022-473xx/CVE-2022-47378.json) (`2023-05-15T10:15:09.460`) +* [CVE-2022-47379](CVE-2022/CVE-2022-473xx/CVE-2022-47379.json) (`2023-05-15T10:15:09.530`) +* [CVE-2022-47380](CVE-2022/CVE-2022-473xx/CVE-2022-47380.json) (`2023-05-15T10:15:09.607`) +* [CVE-2022-47381](CVE-2022/CVE-2022-473xx/CVE-2022-47381.json) (`2023-05-15T10:15:09.667`) +* [CVE-2022-47382](CVE-2022/CVE-2022-473xx/CVE-2022-47382.json) (`2023-05-15T10:15:09.737`) +* [CVE-2022-47383](CVE-2022/CVE-2022-473xx/CVE-2022-47383.json) (`2023-05-15T10:15:09.803`) +* [CVE-2022-47384](CVE-2022/CVE-2022-473xx/CVE-2022-47384.json) (`2023-05-15T10:15:09.863`) +* [CVE-2022-47385](CVE-2022/CVE-2022-473xx/CVE-2022-47385.json) (`2023-05-15T10:15:09.927`) +* [CVE-2022-47386](CVE-2022/CVE-2022-473xx/CVE-2022-47386.json) (`2023-05-15T10:15:09.993`) +* [CVE-2022-47387](CVE-2022/CVE-2022-473xx/CVE-2022-47387.json) (`2023-05-15T10:15:10.067`) +* [CVE-2022-47388](CVE-2022/CVE-2022-473xx/CVE-2022-47388.json) (`2023-05-15T10:15:10.157`) +* [CVE-2022-47389](CVE-2022/CVE-2022-473xx/CVE-2022-47389.json) (`2023-05-15T10:15:10.243`) +* [CVE-2022-47390](CVE-2022/CVE-2022-473xx/CVE-2022-47390.json) (`2023-05-15T10:15:10.327`) +* [CVE-2022-47391](CVE-2022/CVE-2022-473xx/CVE-2022-47391.json) (`2023-05-15T10:15:10.390`) +* [CVE-2022-47392](CVE-2022/CVE-2022-473xx/CVE-2022-47392.json) (`2023-05-15T11:15:08.750`) +* 
[CVE-2022-47393](CVE-2022/CVE-2022-473xx/CVE-2022-47393.json) (`2023-05-15T11:15:08.820`) +* [CVE-2022-47937](CVE-2022/CVE-2022-479xx/CVE-2022-47937.json) (`2023-05-15T10:15:10.457`) +* [CVE-2023-22684](CVE-2023/CVE-2023-226xx/CVE-2023-22684.json) (`2023-05-15T11:15:08.887`) +* [CVE-2023-22690](CVE-2023/CVE-2023-226xx/CVE-2023-22690.json) (`2023-05-15T11:15:08.963`) +* [CVE-2023-22703](CVE-2023/CVE-2023-227xx/CVE-2023-22703.json) (`2023-05-15T11:15:09.023`) +* [CVE-2023-23445](CVE-2023/CVE-2023-234xx/CVE-2023-23445.json) (`2023-05-15T11:15:09.087`) +* [CVE-2023-23446](CVE-2023/CVE-2023-234xx/CVE-2023-23446.json) (`2023-05-15T11:15:09.160`) +* [CVE-2023-23447](CVE-2023/CVE-2023-234xx/CVE-2023-23447.json) (`2023-05-15T11:15:09.217`) +* [CVE-2023-23448](CVE-2023/CVE-2023-234xx/CVE-2023-23448.json) (`2023-05-15T11:15:09.280`) +* [CVE-2023-23449](CVE-2023/CVE-2023-234xx/CVE-2023-23449.json) (`2023-05-15T11:15:09.347`) +* [CVE-2023-23450](CVE-2023/CVE-2023-234xx/CVE-2023-23450.json) (`2023-05-15T11:15:09.407`) +* [CVE-2023-31408](CVE-2023/CVE-2023-314xx/CVE-2023-31408.json) (`2023-05-15T11:15:09.477`) +* [CVE-2023-31409](CVE-2023/CVE-2023-314xx/CVE-2023-31409.json) (`2023-05-15T11:15:09.550`) ### CVEs modified in the last Commit