admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-15T12:00:24.122531+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-15 14:00:26 +02:00
parent 5e96ec302d
commit 85bb56631c
31 changed files with 1733 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2022/CVE-2022-225xx/CVE-2022-22508.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-22508",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.370",
"lastModified": "2023-05-15T10:15:09.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17351&token=a7c02b2825fea2bcaf80c1a8e62097d72ec90f1a&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-40xx/CVE-2022-4048.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-4048",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:10.517",
"lastModified": "2023-05-15T10:15:10.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17350&token=2cee62285d3ec76d6a78dfa9b9e81e66f6136a2a&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47378.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47378",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.460",
"lastModified": "2023-05-15T10:15:09.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47379.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47379",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.530",
"lastModified": "2023-05-15T10:15:09.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47380.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47380",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.607",
"lastModified": "2023-05-15T10:15:09.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker may use a stack based\u00a0 out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47381.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47381",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.667",
"lastModified": "2023-05-15T10:15:09.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47382.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47382",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.737",
"lastModified": "2023-05-15T10:15:09.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47383.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47383",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.803",
"lastModified": "2023-05-15T10:15:09.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47384.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47384",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.863",
"lastModified": "2023-05-15T10:15:09.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47385.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47385",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.927",
"lastModified": "2023-05-15T10:15:09.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47386.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47386",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:09.993",
"lastModified": "2023-05-15T10:15:09.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47387.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47387",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:10.067",
"lastModified": "2023-05-15T10:15:10.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47388.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47388",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:10.157",
"lastModified": "2023-05-15T10:15:10.157",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47389.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47389",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:10.243",
"lastModified": "2023-05-15T10:15:10.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47390.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47390",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:10.327",
"lastModified": "2023-05-15T10:15:10.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead\u00a0to a denial-of-service condition, memory overwriting, or remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47391.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47391",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T10:15:10.390",
"lastModified": "2023-05-15T10:15:10.390",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17555&token=212fc7e39bdd260cab6d6ca84333d42f50bcb3da&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47392.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47392",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T11:15:08.750",
"lastModified": "2023-05-15T11:15:08.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead\u00a0to a denial-of-service condition."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

55
CVE-2022/CVE-2022-473xx/CVE-2022-47393.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47393",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-05-15T11:15:08.820",
"lastModified": "2023-05-15T11:15:08.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=17554&token=5444f53b4c90fe37043671a100dffa75305d1825&download=",
"source": "info@cert.vde.com"
}
]
}

40
CVE-2022/CVE-2022-479xx/CVE-2022-47937.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-47937",
"sourceIdentifier": "security@apache.org",
"published": "2023-05-15T10:15:10.457",
"lastModified": "2023-05-15T10:15:10.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** \n\n\n\n\n\nImproper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input.\n\n\n\n\nNOTE: This vulnerability \nonly affects products that are no longer supported by the maintainer\n\n\n\n\nThe org.apache.sling.commons.json bundle has been deprecated as of March\n 2017 and should not be used anymore. Consumers are encouraged to \nconsider the Apache Sling Commons Johnzon OSGi bundle provided by the \nApache Sling project, but may of course use other JSON libraries.\n\n\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/apache/sling-org-apache-sling-commons-johnzon",
"source": "security@apache.org"
},
{
"url": "https://issues.apache.org/jira/browse/SLING-6536",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/sws7z50x47gv0c38q4kx6ktqrvrrg1pm",
"source": "security@apache.org"
}
]
}

55
CVE-2023/CVE-2023-226xx/CVE-2023-22684.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22684",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-15T11:15:08.887",
"lastModified": "2023-05-15T11:15:08.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subscribers.Com Subscribers plugin <=\u00a01.5.3 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/subscribers-com/wordpress-subscribers-free-web-push-notifications-plugin-1-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-226xx/CVE-2023-22690.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22690",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-15T11:15:08.963",
"lastModified": "2023-05-15T11:15:08.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <=\u00a05.775 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ebook-store/wordpress-ebook-store-plugin-5-775-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-227xx/CVE-2023-22703.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-22703",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-15T11:15:09.023",
"lastModified": "2023-05-15T11:15:09.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP Contact Form plugin <=\u00a03.1.0 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wcp-contact-form/wordpress-wcp-contact-form-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

63
CVE-2023/CVE-2023-234xx/CVE-2023-23445.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-23445",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.087",
"lastModified": "2023-05-15T11:15:09.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote\nattacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the\nREST interface.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

63
CVE-2023/CVE-2023-234xx/CVE-2023-23446.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-23446",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.160",
"lastModified": "2023-05-15T11:15:09.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers\n1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

63
CVE-2023/CVE-2023-234xx/CVE-2023-23447.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-23447",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.217",
"lastModified": "2023-05-15T11:15:09.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged\nremote attacker to influence the availability of the webserver by invocing several open file requests via\nthe REST interface.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

63
CVE-2023/CVE-2023-234xx/CVE-2023-23448.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-23448",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.280",
"lastModified": "2023-05-15T11:15:09.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nInclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a\nremote attacker to gain information about valid usernames via analysis of source code.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-540"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

63
CVE-2023/CVE-2023-234xx/CVE-2023-23449.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-23449",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.347",
"lastModified": "2023-05-15T11:15:09.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nObservable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker\nto gain information about valid usernames by analyzing challenge responses from the server via the\nREST interface.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

63
CVE-2023/CVE-2023-234xx/CVE-2023-23450.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-23450",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.407",
"lastModified": "2023-05-15T11:15:09.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nUse of Password Hash Instead of Password for Authentication in SICK FTMg AIR\nFLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526\nallows an unprivileged remote attacker to use a password hash instead of an actual password to login\nto a valid user account via the REST interface.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-836"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

63
CVE-2023/CVE-2023-314xx/CVE-2023-31408.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-31408",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.477",
"lastModified": "2023-05-15T11:15:09.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nCleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with\nPartnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote\nattacker to potentially steal user credentials that are stored in the user\u2019s browsers local storage via\ncross-site-scripting attacks.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

63
CVE-2023/CVE-2023-314xx/CVE-2023-31409.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-31409",
"sourceIdentifier": "psirt@sick.de",
"published": "2023-05-15T11:15:09.550",
"lastModified": "2023-05-15T11:15:09.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@sick.de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.json",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0004.pdf",
"source": "psirt@sick.de"
},
{
"url": "https://sick.com/psirt",
"source": "psirt@sick.de"
}
]
}

40
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-05-15T10:00:23.656609+00:00 2023-05-15T12:00:24.122531+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-05-15T09:15:09.893000+00:00 2023-05-15T11:15:09.550000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,15 +29,43 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
215192 215222
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `2` Recently added CVEs: `30`
* [CVE-2023-1698](CVE-2023/CVE-2023-16xx/CVE-2023-1698.json) (`2023-05-15T09:15:09.510`) * [CVE-2022-22508](CVE-2022/CVE-2022-225xx/CVE-2022-22508.json) (`2023-05-15T10:15:09.370`)
* [CVE-2023-22318](CVE-2023/CVE-2023-223xx/CVE-2023-22318.json) (`2023-05-15T09:15:09.893`) * [CVE-2022-4048](CVE-2022/CVE-2022-40xx/CVE-2022-4048.json) (`2023-05-15T10:15:10.517`)
* [CVE-2022-47378](CVE-2022/CVE-2022-473xx/CVE-2022-47378.json) (`2023-05-15T10:15:09.460`)
* [CVE-2022-47379](CVE-2022/CVE-2022-473xx/CVE-2022-47379.json) (`2023-05-15T10:15:09.530`)
* [CVE-2022-47380](CVE-2022/CVE-2022-473xx/CVE-2022-47380.json) (`2023-05-15T10:15:09.607`)
* [CVE-2022-47381](CVE-2022/CVE-2022-473xx/CVE-2022-47381.json) (`2023-05-15T10:15:09.667`)
* [CVE-2022-47382](CVE-2022/CVE-2022-473xx/CVE-2022-47382.json) (`2023-05-15T10:15:09.737`)
* [CVE-2022-47383](CVE-2022/CVE-2022-473xx/CVE-2022-47383.json) (`2023-05-15T10:15:09.803`)
* [CVE-2022-47384](CVE-2022/CVE-2022-473xx/CVE-2022-47384.json) (`2023-05-15T10:15:09.863`)
* [CVE-2022-47385](CVE-2022/CVE-2022-473xx/CVE-2022-47385.json) (`2023-05-15T10:15:09.927`)
* [CVE-2022-47386](CVE-2022/CVE-2022-473xx/CVE-2022-47386.json) (`2023-05-15T10:15:09.993`)
* [CVE-2022-47387](CVE-2022/CVE-2022-473xx/CVE-2022-47387.json) (`2023-05-15T10:15:10.067`)
* [CVE-2022-47388](CVE-2022/CVE-2022-473xx/CVE-2022-47388.json) (`2023-05-15T10:15:10.157`)
* [CVE-2022-47389](CVE-2022/CVE-2022-473xx/CVE-2022-47389.json) (`2023-05-15T10:15:10.243`)
* [CVE-2022-47390](CVE-2022/CVE-2022-473xx/CVE-2022-47390.json) (`2023-05-15T10:15:10.327`)
* [CVE-2022-47391](CVE-2022/CVE-2022-473xx/CVE-2022-47391.json) (`2023-05-15T10:15:10.390`)
* [CVE-2022-47392](CVE-2022/CVE-2022-473xx/CVE-2022-47392.json) (`2023-05-15T11:15:08.750`)
* [CVE-2022-47393](CVE-2022/CVE-2022-473xx/CVE-2022-47393.json) (`2023-05-15T11:15:08.820`)
* [CVE-2022-47937](CVE-2022/CVE-2022-479xx/CVE-2022-47937.json) (`2023-05-15T10:15:10.457`)
* [CVE-2023-22684](CVE-2023/CVE-2023-226xx/CVE-2023-22684.json) (`2023-05-15T11:15:08.887`)
* [CVE-2023-22690](CVE-2023/CVE-2023-226xx/CVE-2023-22690.json) (`2023-05-15T11:15:08.963`)
* [CVE-2023-22703](CVE-2023/CVE-2023-227xx/CVE-2023-22703.json) (`2023-05-15T11:15:09.023`)
* [CVE-2023-23445](CVE-2023/CVE-2023-234xx/CVE-2023-23445.json) (`2023-05-15T11:15:09.087`)
* [CVE-2023-23446](CVE-2023/CVE-2023-234xx/CVE-2023-23446.json) (`2023-05-15T11:15:09.160`)
* [CVE-2023-23447](CVE-2023/CVE-2023-234xx/CVE-2023-23447.json) (`2023-05-15T11:15:09.217`)
* [CVE-2023-23448](CVE-2023/CVE-2023-234xx/CVE-2023-23448.json) (`2023-05-15T11:15:09.280`)
* [CVE-2023-23449](CVE-2023/CVE-2023-234xx/CVE-2023-23449.json) (`2023-05-15T11:15:09.347`)
* [CVE-2023-23450](CVE-2023/CVE-2023-234xx/CVE-2023-23450.json) (`2023-05-15T11:15:09.407`)
* [CVE-2023-31408](CVE-2023/CVE-2023-314xx/CVE-2023-31408.json) (`2023-05-15T11:15:09.477`)
* [CVE-2023-31409](CVE-2023/CVE-2023-314xx/CVE-2023-31409.json) (`2023-05-15T11:15:09.550`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit