Auto-Update: 2024-02-13T11:00:25.350837+00:00

CVE-2019/CVE-2019-139xx/CVE-2019-13939.json

@@ -2,12 +2,12 @@
   "id": "CVE-2019-13939",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2020-01-16T16:15:16.277",
-  "lastModified": "2023-05-09T16:27:15.257",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-13T09:15:42.770",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack."
+      "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value."
     },
     {
       "lang": "es",
@@ -17,7 +17,7 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "nvd@nist.gov",
+        "source": "productcert@siemens.com",
         "type": "Primary",
         "cvssData": {
           "version": "3.1",
@@ -35,6 +35,26 @@
         },
         "exploitabilityScore": 2.8,
         "impactScore": 4.2
+      },
+      {
+        "source": "nvd@nist.gov",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.2
       }
     ],
     "cvssMetricV2": [
@@ -65,29 +85,28 @@
   },
   "weaknesses": [
     {
-      "source": "nvd@nist.gov",
+      "source": "productcert@siemens.com",
       "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    },
+    {
+      "source": "nvd@nist.gov",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",
           "value": "NVD-CWE-noinfo"
         }
       ]
-    },
-    {
-      "source": "productcert@siemens.com",
-      "type": "Secondary",
-      "description": [
-        {
-          "lang": "en",
-          "value": "CWE-840"
-        }
-      ]
     }
   ],
   "configurations": [
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -691,6 +710,14 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-162506.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-434032.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf",
       "source": "productcert@siemens.com",

CVE-2021/CVE-2021-256xx/CVE-2021-25663.json

@@ -2,12 +2,12 @@
   "id": "CVE-2021-25663",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2021-04-22T21:15:09.957",
-  "lastModified": "2021-12-10T19:55:42.500",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-13T09:15:43.143",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values."
+      "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values."
     },
     {
       "lang": "es",
@@ -17,7 +17,7 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "nvd@nist.gov",
+        "source": "productcert@siemens.com",
         "type": "Primary",
         "cvssData": {
           "version": "3.1",
@@ -35,6 +35,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 3.6
+      },
+      {
+        "source": "nvd@nist.gov",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
       }
     ],
     "cvssMetricV2": [
@@ -135,6 +155,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf",
       "source": "productcert@siemens.com",

CVE-2021/CVE-2021-256xx/CVE-2021-25664.json

@@ -2,12 +2,12 @@
   "id": "CVE-2021-25664",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2021-04-22T21:15:09.990",
-  "lastModified": "2022-05-01T01:18:11.290",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-13T09:15:43.397",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values."
+      "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values."
     },
     {
       "lang": "es",
@@ -35,6 +35,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 3.6
+      },
+      {
+        "source": "productcert@siemens.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
       }
     ],
     "cvssMetricV2": [
@@ -115,6 +135,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-00xx/CVE-2023-0076.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-0076",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2023-03-06T14:15:10.260",
-  "lastModified": "2023-11-07T03:59:35.570",
+  "lastModified": "2024-02-13T10:15:08.120",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
+      "value": "The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
     }
   ],
   "metrics": {
@@ -54,12 +54,8 @@
   ],
   "references": [
     {
-      "url": "https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772",
-      "source": "contact@wpscan.com",
-      "tags": [
-        "Exploit",
-        "Third Party Advisory"
-      ]
+      "url": "https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772/",
+      "source": "contact@wpscan.com"
     }
   ]
 }

CVE-2023/CVE-2023-288xx/CVE-2023-28831.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-28831",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-09-12T10:15:27.230",
-  "lastModified": "2023-12-12T12:15:11.010",
+  "lastModified": "2024-02-13T09:15:43.637",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -2265,6 +2265,14 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-118850.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-711309.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-118850.pdf",
       "source": "productcert@siemens.com"

CVE-2023/CVE-2023-443xx/CVE-2023-44317.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-44317",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-11-14T11:15:12.067",
-  "lastModified": "2023-12-12T12:15:11.683",
+  "lastModified": "2024-02-13T09:15:43.880",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
+      "value": "Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
     },
     {
       "lang": "es",
@@ -1916,6 +1916,18 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf",
       "source": "productcert@siemens.com"

CVE-2023/CVE-2023-443xx/CVE-2023-44319.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-44319",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-11-14T11:15:12.510",
-  "lastModified": "2023-12-12T12:15:12.110",
+  "lastModified": "2024-02-13T09:15:44.103",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
+      "value": "Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
     },
     {
       "lang": "es",
@@ -2061,6 +2061,18 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
       "source": "productcert@siemens.com"

CVE-2023/CVE-2023-443xx/CVE-2023-44320.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-44320",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-11-14T11:15:12.757",
-  "lastModified": "2023-12-12T12:15:12.290",
+  "lastModified": "2024-02-13T09:15:44.340",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator."
+      "value": "Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator."
     },
     {
       "lang": "es",
@@ -2061,6 +2061,18 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
       "source": "productcert@siemens.com"

CVE-2023/CVE-2023-443xx/CVE-2023-44321.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-44321",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-11-14T11:15:12.973",
-  "lastModified": "2023-12-12T12:15:12.577",
+  "lastModified": "2024-02-13T09:15:44.537",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again."
+      "value": "Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again."
     },
     {
       "lang": "es",
@@ -2061,6 +2061,18 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
       "source": "productcert@siemens.com"

CVE-2023/CVE-2023-443xx/CVE-2023-44322.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-44322",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-11-14T11:15:13.187",
-  "lastModified": "2023-12-12T12:15:12.790",
+  "lastModified": "2024-02-13T09:15:44.733",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur."
+      "value": "Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users when certain events occur."
     },
     {
       "lang": "es",
@@ -2061,6 +2061,18 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
       "source": "productcert@siemens.com"

CVE-2023/CVE-2023-443xx/CVE-2023-44373.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-44373",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-11-14T11:15:13.417",
-  "lastModified": "2023-12-12T12:15:13.000",
+  "lastModified": "2024-02-13T09:15:44.957",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3 (EVDO), SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615, SCALANCE S615 EEC, SCALANCE XB205-3 (SC, PN), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, E/IP), SCALANCE XB205-3 (ST, PN), SCALANCE XB205-3LD (SC, E/IP), SCALANCE XB205-3LD (SC, PN), SCALANCE XB208 (E/IP), SCALANCE XB208 (PN), SCALANCE XB213-3 (SC, E/IP), SCALANCE XB213-3 (SC, PN), SCALANCE XB213-3 (ST, E/IP), SCALANCE XB213-3 (ST, PN), SCALANCE XB213-3LD (SC, E/IP), SCALANCE XB213-3LD (SC, PN), SCALANCE XB216 (E/IP), SCALANCE XB216 (PN), SCALANCE XC206-2 (SC), SCALANCE XC206-2 (ST/BFOC), SCALANCE XC206-2G PoE, SCALANCE XC206-2G PoE (54 V DC), SCALANCE XC206-2G PoE EEC (54 V DC), SCALANCE XC206-2SFP, SCALANCE XC206-2SFP EEC, SCALANCE XC206-2SFP G, SCALANCE XC206-2SFP G (EIP DEF.), SCALANCE XC206-2SFP G EEC, SCALANCE XC208, SCALANCE XC208EEC, SCALANCE XC208G, SCALANCE XC208G (EIP def.), SCALANCE XC208G EEC, SCALANCE XC208G PoE, SCALANCE XC208G PoE (54 V DC), SCALANCE XC216, SCALANCE XC216-3G PoE, SCALANCE XC216-3G PoE (54 V DC), SCALANCE XC216-4C, SCALANCE XC216-4C G, SCALANCE XC216-4C G (EIP Def.), SCALANCE XC216-4C G EEC, SCALANCE XC216EEC, SCALANCE XC224, SCALANCE XC224-4C G, SCALANCE XC224-4C G (EIP Def.), SCALANCE XC224-4C G EEC, SCALANCE XF204, SCALANCE XF204 DNA, SCALANCE XF204-2BA, SCALANCE XF204-2BA DNA, SCALANCE XP208, SCALANCE XP208 (Ethernet/IP), SCALANCE XP208EEC, SCALANCE XP208PoE EEC, SCALANCE XP216, SCALANCE XP216 (Ethernet/IP), SCALANCE XP216EEC, SCALANCE XP216POE EEC, SCALANCE XR324WG (24 x FE, AC 230V), SCALANCE XR324WG (24 X FE, DC 24V), SCALANCE XR326-2C PoE WG, SCALANCE XR326-2C PoE WG (without UL), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V), SCALANCE XR328-4C WG (28xGE, AC 230V), SCALANCE XR328-4C WG (28xGE, DC 24V), SIPLUS NET SCALANCE XC206-2, SIPLUS NET SCALANCE XC206-2SFP, SIPLUS NET SCALANCE XC208, SIPLUS NET SCALANCE XC216-4C. Affected devices do not properly sanitize an input field.  This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
+      "value": "Affected devices do not properly sanitize an input field.  This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
     },
     {
       "lang": "es",
@@ -2041,6 +2041,18 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
       "source": "productcert@siemens.com"

CVE-2023/CVE-2023-462xx/CVE-2023-46281.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-46281",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-12-12T12:15:13.653",
-  "lastModified": "2024-01-09T10:15:15.900",
+  "lastModified": "2024-02-13T09:15:45.187",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
+      "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
     },
     {
       "lang": "es",
@@ -142,6 +142,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-462xx/CVE-2023-46282.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-46282",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-12-12T12:15:13.870",
-  "lastModified": "2024-01-09T10:15:16.110",
+  "lastModified": "2024-02-13T09:15:45.337",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
+      "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
     },
     {
       "lang": "es",
@@ -152,6 +152,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-462xx/CVE-2023-46283.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-46283",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-12-12T12:15:14.067",
-  "lastModified": "2024-01-09T10:15:16.373",
+  "lastModified": "2024-02-13T09:15:45.443",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
+      "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
     },
     {
       "lang": "es",
@@ -122,6 +122,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-462xx/CVE-2023-46284.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-46284",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-12-12T12:15:14.273",
-  "lastModified": "2024-01-09T10:15:16.487",
+  "lastModified": "2024-02-13T09:15:45.553",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
+      "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
     },
     {
       "lang": "es",
@@ -132,6 +132,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-462xx/CVE-2023-46285.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-46285",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-12-12T12:15:14.477",
-  "lastModified": "2024-01-09T10:15:16.600",
+  "lastModified": "2024-02-13T09:15:45.660",
   "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
+      "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI\u00a0/Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
     },
     {
       "lang": "es",
@@ -132,6 +132,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-483xx/CVE-2023-48363.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48363",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:45.763",
+  "lastModified": "2024-02-13T09:15:45.763",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-483xx/CVE-2023-48364.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48364",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:45.980",
+  "lastModified": "2024-02-13T09:15:45.980",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 SP4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-491xx/CVE-2023-49125.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-49125",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:46.173",
+  "lastModified": "2024-02-13T09:15:46.173",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-496xx/CVE-2023-49691.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-49691",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-12-12T12:15:15.990",
-  "lastModified": "2023-12-18T14:39:35.387",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-13T09:15:46.373",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V8.0), SCALANCE M804PB (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (All versions < V8.0), SCALANCE M874-2 (All versions < V8.0), SCALANCE M874-3 (All versions < V8.0), SCALANCE M876-3 (EVDO) (All versions < V8.0), SCALANCE M876-3 (ROK) (All versions < V8.0), SCALANCE M876-4 (All versions < V8.0), SCALANCE M876-4 (EU) (All versions < V8.0), SCALANCE M876-4 (NAM) (All versions < V8.0), SCALANCE MUM853-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (All versions < V8.0), SCALANCE S615 (All versions < V8.0), SCALANCE S615 EEC (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update."
+      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update."
     },
     {
       "lang": "es",
@@ -633,6 +633,14 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-496xx/CVE-2023-49692.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-49692",
   "sourceIdentifier": "productcert@siemens.com",
   "published": "2023-12-12T12:15:16.203",
-  "lastModified": "2023-12-18T14:38:58.070",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-13T09:15:46.507",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2.2), SCALANCE M804PB (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2.2), SCALANCE M874-2 (All versions < V7.2.2), SCALANCE M874-3 (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (All versions < V7.2.2), SCALANCE M876-4 (All versions < V7.2.2), SCALANCE M876-4 (EU) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2.2), SCALANCE S615 (All versions < V7.2.2), SCALANCE S615 EEC (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established."
+      "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE S615 EEC (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V3.0.2), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V3.0.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established."
     },
     {
       "lang": "es",
@@ -633,6 +633,14 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html",
+      "source": "productcert@siemens.com"
+    },
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html",
+      "source": "productcert@siemens.com"
+    },
     {
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-068047.pdf",
       "source": "productcert@siemens.com",

CVE-2023/CVE-2023-502xx/CVE-2023-50236.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-50236",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:46.633",
+  "lastModified": "2024-02-13T09:15:46.633",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Polarion ALM (All versions). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\\SYSTEM."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-514xx/CVE-2023-51440.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-51440",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:46.830",
+  "lastModified": "2024-02-13T09:15:46.830",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-940"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-516818.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-60xx/CVE-2023-6072.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-6072",
+  "sourceIdentifier": "trellixpsirt@trellix.com",
+  "published": "2024-02-13T10:15:08.227",
+  "lastModified": "2024-02-13T10:15:08.227",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nA cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "trellixpsirt@trellix.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "trellixpsirt@trellix.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://docs.trellix.com/bundle/cm_9-1-5_rn/page/UUID-fad8a50f-6f6f-e970-f418-06494a30932e.html",
+      "source": "trellixpsirt@trellix.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-05xx/CVE-2024-0553.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-0553",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-01-16T12:15:45.557",
-  "lastModified": "2024-02-09T03:15:09.317",
+  "lastModified": "2024-02-13T09:15:47.017",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -150,6 +150,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:0627",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0796",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2024-0553",
       "source": "secalert@redhat.com",

CVE-2024/CVE-2024-11xx/CVE-2024-1157.json

@@ -0,0 +1,51 @@
+{
+  "id": "CVE-2024-1157",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-13T10:15:08.433",
+  "lastModified": "2024-02-13T10:15:08.433",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements/bt_bb_button/bt_bb_button.php#L161",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-11xx/CVE-2024-1159.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1159",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-13T10:15:08.603",
+  "lastModified": "2024-02-13T10:15:08.603",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e71386ea-0546-4aa7-b77a-e1824e80accc?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-11xx/CVE-2024-1160.json

@@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-1160",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-02-13T10:15:08.783",
+  "lastModified": "2024-02-13T10:15:08.783",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/818d3418-8e14-49b9-a112-8eab9eb3c283?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-220xx/CVE-2024-22042.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-22042",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:47.157",
+  "lastModified": "2024-02-13T09:15:47.157",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-648"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-543502.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-220xx/CVE-2024-22043.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-22043",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:47.360",
+  "lastModified": "2024-02-13T09:15:47.360",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23795.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23795",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:47.550",
+  "lastModified": "2024-02-13T09:15:47.550",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23796.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23796",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:47.737",
+  "lastModified": "2024-02-13T09:15:47.737",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-122"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23797.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23797",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:47.983",
+  "lastModified": "2024-02-13T09:15:47.983",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23798.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23798",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:48.170",
+  "lastModified": "2024-02-13T09:15:48.170",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23799.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23799",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:48.380",
+  "lastModified": "2024-02-13T09:15:48.380",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23800.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23800",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:48.573",
+  "lastModified": "2024-02-13T09:15:48.573",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23801.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23801",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:48.807",
+  "lastModified": "2024-02-13T09:15:48.807",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23802.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23802",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:49.000",
+  "lastModified": "2024-02-13T09:15:49.000",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23803.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23803",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:49.183",
+  "lastModified": "2024-02-13T09:15:49.183",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23804.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23804",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:49.373",
+  "lastModified": "2024-02-13T09:15:49.373",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23810.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23810",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:49.573",
+  "lastModified": "2024-02-13T09:15:49.573",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23811.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23811",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:49.760",
+  "lastModified": "2024-02-13T09:15:49.760",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23812.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23812",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:49.953",
+  "lastModified": "2024-02-13T09:15:49.953",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23813.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23813",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:50.140",
+  "lastModified": "2024-02-13T09:15:50.140",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-238xx/CVE-2024-23816.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-23816",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:50.343",
+  "lastModified": "2024-02-13T09:15:50.343",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-249xx/CVE-2024-24920.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24920",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:50.547",
+  "lastModified": "2024-02-13T09:15:50.547",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-249xx/CVE-2024-24921.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24921",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:50.737",
+  "lastModified": "2024-02-13T09:15:50.737",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-249xx/CVE-2024-24922.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24922",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:50.937",
+  "lastModified": "2024-02-13T09:15:50.937",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715)"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-249xx/CVE-2024-24923.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24923",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:51.130",
+  "lastModified": "2024-02-13T09:15:51.130",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055)"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-249xx/CVE-2024-24924.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24924",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:51.353",
+  "lastModified": "2024-02-13T09:15:51.353",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059)"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-249xx/CVE-2024-24925.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24925",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2024-02-13T09:15:51.577",
+  "lastModified": "2024-02-13T09:15:51.577",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-824"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-13T09:00:30.947115+00:00
+2024-02-13T11:00:25.350837+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-13T08:16:35.993000+00:00
+2024-02-13T10:15:08.783000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,47 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-238243
+238275
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `32`
 
-* [CVE-2023-6815](CVE-2023/CVE-2023-68xx/CVE-2023-6815.json) (`2024-02-13T07:15:46.843`)
-* [CVE-2024-22445](CVE-2024/CVE-2024-224xx/CVE-2024-22445.json) (`2024-02-13T08:16:35.723`)
-* [CVE-2024-22454](CVE-2024/CVE-2024-224xx/CVE-2024-22454.json) (`2024-02-13T08:16:35.993`)
+* [CVE-2024-22043](CVE-2024/CVE-2024-220xx/CVE-2024-22043.json) (`2024-02-13T09:15:47.360`)
+* [CVE-2024-23795](CVE-2024/CVE-2024-237xx/CVE-2024-23795.json) (`2024-02-13T09:15:47.550`)
+* [CVE-2024-23796](CVE-2024/CVE-2024-237xx/CVE-2024-23796.json) (`2024-02-13T09:15:47.737`)
+* [CVE-2024-23797](CVE-2024/CVE-2024-237xx/CVE-2024-23797.json) (`2024-02-13T09:15:47.983`)
+* [CVE-2024-23798](CVE-2024/CVE-2024-237xx/CVE-2024-23798.json) (`2024-02-13T09:15:48.170`)
+* [CVE-2024-23799](CVE-2024/CVE-2024-237xx/CVE-2024-23799.json) (`2024-02-13T09:15:48.380`)
+* [CVE-2024-23800](CVE-2024/CVE-2024-238xx/CVE-2024-23800.json) (`2024-02-13T09:15:48.573`)
+* [CVE-2024-23801](CVE-2024/CVE-2024-238xx/CVE-2024-23801.json) (`2024-02-13T09:15:48.807`)
+* [CVE-2024-23802](CVE-2024/CVE-2024-238xx/CVE-2024-23802.json) (`2024-02-13T09:15:49.000`)
+* [CVE-2024-23803](CVE-2024/CVE-2024-238xx/CVE-2024-23803.json) (`2024-02-13T09:15:49.183`)
+* [CVE-2024-23804](CVE-2024/CVE-2024-238xx/CVE-2024-23804.json) (`2024-02-13T09:15:49.373`)
+* [CVE-2024-23810](CVE-2024/CVE-2024-238xx/CVE-2024-23810.json) (`2024-02-13T09:15:49.573`)
+* [CVE-2024-23811](CVE-2024/CVE-2024-238xx/CVE-2024-23811.json) (`2024-02-13T09:15:49.760`)
+* [CVE-2024-23812](CVE-2024/CVE-2024-238xx/CVE-2024-23812.json) (`2024-02-13T09:15:49.953`)
+* [CVE-2024-23813](CVE-2024/CVE-2024-238xx/CVE-2024-23813.json) (`2024-02-13T09:15:50.140`)
+* [CVE-2024-23816](CVE-2024/CVE-2024-238xx/CVE-2024-23816.json) (`2024-02-13T09:15:50.343`)
+* [CVE-2024-24920](CVE-2024/CVE-2024-249xx/CVE-2024-24920.json) (`2024-02-13T09:15:50.547`)
+* [CVE-2024-24921](CVE-2024/CVE-2024-249xx/CVE-2024-24921.json) (`2024-02-13T09:15:50.737`)
+* [CVE-2024-24922](CVE-2024/CVE-2024-249xx/CVE-2024-24922.json) (`2024-02-13T09:15:50.937`)
+* [CVE-2024-24923](CVE-2024/CVE-2024-249xx/CVE-2024-24923.json) (`2024-02-13T09:15:51.130`)
+* [CVE-2024-24924](CVE-2024/CVE-2024-249xx/CVE-2024-24924.json) (`2024-02-13T09:15:51.353`)
+* [CVE-2024-24925](CVE-2024/CVE-2024-249xx/CVE-2024-24925.json) (`2024-02-13T09:15:51.577`)
+* [CVE-2024-1157](CVE-2024/CVE-2024-11xx/CVE-2024-1157.json) (`2024-02-13T10:15:08.433`)
+* [CVE-2024-1159](CVE-2024/CVE-2024-11xx/CVE-2024-1159.json) (`2024-02-13T10:15:08.603`)
+* [CVE-2024-1160](CVE-2024/CVE-2024-11xx/CVE-2024-1160.json) (`2024-02-13T10:15:08.783`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `199`
+Recently modified CVEs: `19`
 
-* [CVE-2023-7145](CVE-2023/CVE-2023-71xx/CVE-2023-7145.json) (`2024-02-13T08:16:27.547`)
-* [CVE-2023-7146](CVE-2023/CVE-2023-71xx/CVE-2023-7146.json) (`2024-02-13T08:16:27.810`)
-* [CVE-2023-7147](CVE-2023/CVE-2023-71xx/CVE-2023-7147.json) (`2024-02-13T08:16:28.100`)
-* [CVE-2023-7150](CVE-2023/CVE-2023-71xx/CVE-2023-7150.json) (`2024-02-13T08:16:28.490`)
-* [CVE-2023-7159](CVE-2023/CVE-2023-71xx/CVE-2023-7159.json) (`2024-02-13T08:16:28.753`)
-* [CVE-2023-7183](CVE-2023/CVE-2023-71xx/CVE-2023-7183.json) (`2024-02-13T08:16:29.027`)
-* [CVE-2023-7184](CVE-2023/CVE-2023-71xx/CVE-2023-7184.json) (`2024-02-13T08:16:29.460`)
-* [CVE-2023-7185](CVE-2023/CVE-2023-71xx/CVE-2023-7185.json) (`2024-02-13T08:16:29.760`)
-* [CVE-2023-7186](CVE-2023/CVE-2023-71xx/CVE-2023-7186.json) (`2024-02-13T08:16:30.083`)
-* [CVE-2023-7187](CVE-2023/CVE-2023-71xx/CVE-2023-7187.json) (`2024-02-13T08:16:30.363`)
-* [CVE-2023-7188](CVE-2023/CVE-2023-71xx/CVE-2023-7188.json) (`2024-02-13T08:16:30.667`)
-* [CVE-2023-7189](CVE-2023/CVE-2023-71xx/CVE-2023-7189.json) (`2024-02-13T08:16:31.153`)
-* [CVE-2023-7190](CVE-2023/CVE-2023-71xx/CVE-2023-7190.json) (`2024-02-13T08:16:31.497`)
-* [CVE-2023-7191](CVE-2023/CVE-2023-71xx/CVE-2023-7191.json) (`2024-02-13T08:16:31.763`)
-* [CVE-2023-7193](CVE-2023/CVE-2023-71xx/CVE-2023-7193.json) (`2024-02-13T08:16:32.140`)
-* [CVE-2023-7210](CVE-2023/CVE-2023-72xx/CVE-2023-7210.json) (`2024-02-13T08:16:32.510`)
-* [CVE-2023-7213](CVE-2023/CVE-2023-72xx/CVE-2023-7213.json) (`2024-02-13T08:16:32.770`)
-* [CVE-2023-7214](CVE-2023/CVE-2023-72xx/CVE-2023-7214.json) (`2024-02-13T08:16:33.153`)
-* [CVE-2023-7218](CVE-2023/CVE-2023-72xx/CVE-2023-7218.json) (`2024-02-13T08:16:33.540`)
-* [CVE-2023-7219](CVE-2023/CVE-2023-72xx/CVE-2023-7219.json) (`2024-02-13T08:16:33.930`)
-* [CVE-2023-7220](CVE-2023/CVE-2023-72xx/CVE-2023-7220.json) (`2024-02-13T08:16:34.313`)
-* [CVE-2023-7221](CVE-2023/CVE-2023-72xx/CVE-2023-7221.json) (`2024-02-13T08:16:34.713`)
-* [CVE-2023-7222](CVE-2023/CVE-2023-72xx/CVE-2023-7222.json) (`2024-02-13T08:16:34.977`)
-* [CVE-2024-22851](CVE-2024/CVE-2024-228xx/CVE-2024-22851.json) (`2024-02-13T07:15:48.500`)
-* [CVE-2024-1432](CVE-2024/CVE-2024-14xx/CVE-2024-1432.json) (`2024-02-13T08:16:35.337`)
+* [CVE-2019-13939](CVE-2019/CVE-2019-139xx/CVE-2019-13939.json) (`2024-02-13T09:15:42.770`)
+* [CVE-2021-25663](CVE-2021/CVE-2021-256xx/CVE-2021-25663.json) (`2024-02-13T09:15:43.143`)
+* [CVE-2021-25664](CVE-2021/CVE-2021-256xx/CVE-2021-25664.json) (`2024-02-13T09:15:43.397`)
+* [CVE-2023-28831](CVE-2023/CVE-2023-288xx/CVE-2023-28831.json) (`2024-02-13T09:15:43.637`)
+* [CVE-2023-44317](CVE-2023/CVE-2023-443xx/CVE-2023-44317.json) (`2024-02-13T09:15:43.880`)
+* [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2024-02-13T09:15:44.103`)
+* [CVE-2023-44320](CVE-2023/CVE-2023-443xx/CVE-2023-44320.json) (`2024-02-13T09:15:44.340`)
+* [CVE-2023-44321](CVE-2023/CVE-2023-443xx/CVE-2023-44321.json) (`2024-02-13T09:15:44.537`)
+* [CVE-2023-44322](CVE-2023/CVE-2023-443xx/CVE-2023-44322.json) (`2024-02-13T09:15:44.733`)
+* [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2024-02-13T09:15:44.957`)
+* [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2024-02-13T09:15:45.187`)
+* [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2024-02-13T09:15:45.337`)
+* [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2024-02-13T09:15:45.443`)
+* [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2024-02-13T09:15:45.553`)
+* [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2024-02-13T09:15:45.660`)
+* [CVE-2023-49691](CVE-2023/CVE-2023-496xx/CVE-2023-49691.json) (`2024-02-13T09:15:46.373`)
+* [CVE-2023-49692](CVE-2023/CVE-2023-496xx/CVE-2023-49692.json) (`2024-02-13T09:15:46.507`)
+* [CVE-2023-0076](CVE-2023/CVE-2023-00xx/CVE-2023-0076.json) (`2024-02-13T10:15:08.120`)
+* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-02-13T09:15:47.017`)
 
 
 ## Download and Usage