From b17958f4e6f6890a3506bd2e14c7678f25e13774 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 9 Oct 2023 14:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-10-09T14:00:24.478148+00:00
---
CVE-2023/CVE-2023-436xx/CVE-2023-43696.json | 67 +++++++++++++++++++++
CVE-2023/CVE-2023-436xx/CVE-2023-43697.json | 63 +++++++++++++++++++
CVE-2023/CVE-2023-436xx/CVE-2023-43698.json | 63 +++++++++++++++++++
CVE-2023/CVE-2023-436xx/CVE-2023-43699.json | 67 +++++++++++++++++++++
CVE-2023/CVE-2023-437xx/CVE-2023-43700.json | 67 +++++++++++++++++++++
CVE-2023/CVE-2023-452xx/CVE-2023-45247.json | 59 ++++++++++++++++++
CVE-2023/CVE-2023-452xx/CVE-2023-45248.json | 59 ++++++++++++++++++
CVE-2023/CVE-2023-51xx/CVE-2023-5100.json | 63 +++++++++++++++++++
CVE-2023/CVE-2023-51xx/CVE-2023-5101.json | 63 +++++++++++++++++++
CVE-2023/CVE-2023-51xx/CVE-2023-5102.json | 63 +++++++++++++++++++
CVE-2023/CVE-2023-51xx/CVE-2023-5103.json | 63 +++++++++++++++++++
README.md | 31 +++++-----
12 files changed, 712 insertions(+), 16 deletions(-)
create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43696.json
create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43697.json
create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43698.json
create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43699.json
create mode 100644 CVE-2023/CVE-2023-437xx/CVE-2023-43700.json
create mode 100644 CVE-2023/CVE-2023-452xx/CVE-2023-45247.json
create mode 100644 CVE-2023/CVE-2023-452xx/CVE-2023-45248.json
create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5100.json
create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5101.json
create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5102.json
create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5103.json
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43696.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43696.json
new file mode 100644
index 00000000000..5c7022fa29d
--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43696.json
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-43696", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T12:15:10.067", + "lastModified": "2023-10-09T12:15:10.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nImproper Access Control in SICK APU allows an unprivileged remote attacker to\ndownload as well as upload arbitrary files via anonymous access to the FTP server.\n\n" + }, + { + "lang": "es", + "value": "Un control de acceso inadecuado en SICK APU permite a un atacante remoto sin privilegios descargar y cargar archivos arbitrarios mediante acceso an\u00f3nimo al servidor FTP." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43697.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43697.json new file mode 100644 index 00000000000..a14c36c8cfc --- /dev/null +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43697.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-43697", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T13:15:10.323", + "lastModified": "2023-10-09T13:15:10.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-471" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43698.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43698.json new file mode 100644 index 00000000000..052ef6f41f1 --- /dev/null +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43698.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-43698", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T13:15:10.407", + "lastModified": "2023-10-09T13:15:10.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nImproper Neutralization of Input During Web Page Generation (\u2019Cross-site Scripting\u2019) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients\nbrowser via injecting code into the website.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43699.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43699.json new file mode 100644 index 00000000000..50fc116db0e --- /dev/null +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43699.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-43699", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T12:15:10.140", + "lastModified": "2023-10-09T12:15:10.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nImproper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU\nallows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts\nare not limited.\n\n" + }, + { + "lang": "es", + "value": "La restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos de RDT400 en SICK APU permite a un atacante remoto sin privilegios adivinar la contrase\u00f1a mediante prueba y error, ya que los intentos de inicio de sesi\u00f3n no est\u00e1n limitados." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43700.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43700.json new file mode 100644 index 00000000000..fd20a27259e --- /dev/null 
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43700.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-43700", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T12:15:10.207", + "lastModified": "2023-10-09T12:15:10.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.\n\n" + }, + { + "lang": "es", + "value": "La falta de autorizaci\u00f3n de RDT400 en SICK APU permite a un atacante remoto sin privilegios modificar datos a trav\u00e9s de solicitudes HTTP que no requieren autenticaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45247.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45247.json new file mode 100644 index 00000000000..38eddaf06d1 --- /dev/null +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45247.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45247", + "sourceIdentifier": "security@acronis.com", + "published": "2023-10-09T12:15:10.277", + "lastModified": "2023-10-09T12:15:10.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 36497." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-6600", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45248.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45248.json new file mode 100644 index 00000000000..3c3aa64d447 --- /dev/null +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45248.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45248", + "sourceIdentifier": "security@acronis.com", + "published": "2023-10-09T12:15:10.347", + "lastModified": "2023-10-09T12:15:10.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497." + }, + { + "lang": "es", + "value": "Escalada de privilegios locales debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilaci\u00f3n 36497." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-6052", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5100.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5100.json new file mode 100644 index 00000000000..d6fd408ac1e --- /dev/null +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5100.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-5100", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T13:15:10.487", + "lastModified": "2023-10-09T13:15:10.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nCleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an\nunprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic\nthat is not encrypted.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5101.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5101.json new file mode 100644 index 00000000000..dd6ceca275a --- /dev/null +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5101.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-5101", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T13:15:10.557", + "lastModified": "2023-10-09T13:15:10.557", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nFiles or Directories Accessible to External Parties in RDT400 in SICK APU allows an\nunprivileged remote attacker to download various files from the server via HTTP requests.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5102.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5102.json new file mode 100644 index 00000000000..05609c0e2a4 --- /dev/null +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5102.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-5102", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T13:15:10.627", + "lastModified": "2023-10-09T13:15:10.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nInsufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-691" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5103.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5103.json new file mode 100644 index 00000000000..687934f3e13 --- /dev/null +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5103.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-5103", + "sourceIdentifier": "psirt@sick.de", + "published": "2023-10-09T13:15:10.697", + "lastModified": "2023-10-09T13:15:10.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into\nclicking on an actionable item using an iframe.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@sick.de", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] + } + ], + "references": [ + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf", + "source": "psirt@sick.de" + }, + { + "url": "https://sick.com/psirt", + "source": "psirt@sick.de" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 58000ada3c2..80987292475 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-09T12:00:25.871338+00:00 +2023-10-09T14:00:24.478148+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-09T11:15:11.363000+00:00 +2023-10-09T13:15:10.697000+00:00 ``` ### Last Data Feed Release 
@@ -29,25 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227215 +227226 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `11` -* [CVE-2023-44236](CVE-2023/CVE-2023-442xx/CVE-2023-44236.json) (`2023-10-09T10:15:22.763`) -* [CVE-2023-44237](CVE-2023/CVE-2023-442xx/CVE-2023-44237.json) (`2023-10-09T10:15:22.903`) -* [CVE-2023-44238](CVE-2023/CVE-2023-442xx/CVE-2023-44238.json) (`2023-10-09T10:15:22.987`) -* [CVE-2023-44246](CVE-2023/CVE-2023-442xx/CVE-2023-44246.json) (`2023-10-09T10:15:23.067`) -* [CVE-2023-44240](CVE-2023/CVE-2023-442xx/CVE-2023-44240.json) (`2023-10-09T11:15:10.723`) -* [CVE-2023-44473](CVE-2023/CVE-2023-444xx/CVE-2023-44473.json) (`2023-10-09T11:15:10.813`) -* [CVE-2023-44993](CVE-2023/CVE-2023-449xx/CVE-2023-44993.json) (`2023-10-09T11:15:10.900`) -* [CVE-2023-45612](CVE-2023/CVE-2023-456xx/CVE-2023-45612.json) (`2023-10-09T11:15:11.020`) -* [CVE-2023-45613](CVE-2023/CVE-2023-456xx/CVE-2023-45613.json) (`2023-10-09T11:15:11.110`) -* [CVE-2023-5330](CVE-2023/CVE-2023-53xx/CVE-2023-5330.json) (`2023-10-09T11:15:11.197`) -* [CVE-2023-5331](CVE-2023/CVE-2023-53xx/CVE-2023-5331.json) (`2023-10-09T11:15:11.280`) -* [CVE-2023-5333](CVE-2023/CVE-2023-53xx/CVE-2023-5333.json) (`2023-10-09T11:15:11.363`) +* [CVE-2023-43696](CVE-2023/CVE-2023-436xx/CVE-2023-43696.json) (`2023-10-09T12:15:10.067`) +* [CVE-2023-43699](CVE-2023/CVE-2023-436xx/CVE-2023-43699.json) (`2023-10-09T12:15:10.140`) +* [CVE-2023-43700](CVE-2023/CVE-2023-437xx/CVE-2023-43700.json) (`2023-10-09T12:15:10.207`) +* [CVE-2023-45247](CVE-2023/CVE-2023-452xx/CVE-2023-45247.json) (`2023-10-09T12:15:10.277`) +* [CVE-2023-45248](CVE-2023/CVE-2023-452xx/CVE-2023-45248.json) (`2023-10-09T12:15:10.347`) +* [CVE-2023-43697](CVE-2023/CVE-2023-436xx/CVE-2023-43697.json) (`2023-10-09T13:15:10.323`) +* [CVE-2023-43698](CVE-2023/CVE-2023-436xx/CVE-2023-43698.json) 
(`2023-10-09T13:15:10.407`) +* [CVE-2023-5100](CVE-2023/CVE-2023-51xx/CVE-2023-5100.json) (`2023-10-09T13:15:10.487`) +* [CVE-2023-5101](CVE-2023/CVE-2023-51xx/CVE-2023-5101.json) (`2023-10-09T13:15:10.557`) +* [CVE-2023-5102](CVE-2023/CVE-2023-51xx/CVE-2023-5102.json) (`2023-10-09T13:15:10.627`) +* [CVE-2023-5103](CVE-2023/CVE-2023-51xx/CVE-2023-5103.json) (`2023-10-09T13:15:10.697`) ### CVEs modified in the last Commit