admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 03:02:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-09-10T12:00:20.451537+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-09-10 12:03:19 +00:00
parent 420cd59f53
commit d910d6fe07
57 changed files with 3293 additions and 384 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

206
CVE-2017/CVE-2017-26xx/CVE-2017-2680.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-2680",
"sourceIdentifier": "productcert@siemens.com",
"published": "2017-05-11T01:29:05.400",
"lastModified": "2024-07-09T12:15:03.820",
"lastModified": "2024-09-10T10:15:02.153",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
@ -1496,10 +1540,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.6",
"matchCriteriaId": "2570E321-C28E-46FA-8693-1230B3B5FD1B"
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F97B67B-4516-4AD9-B33C-7F480EE0DB4D"
}
]
},
@ -1508,9 +1551,10 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F97B67B-4516-4AD9-B33C-7F480EE0DB4D"
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.6",
"matchCriteriaId": "2570E321-C28E-46FA-8693-1230B3B5FD1B"
}
]
}
@ -1519,6 +1563,17 @@
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC545350-FD53-4B2E-886F-E20F12260C9B"
}
]
},
{
"operator": "OR",
"negate": false,
@ -1530,23 +1585,23 @@
"matchCriteriaId": "582B49BD-4565-4D19-BBE6-A193BDFCE8B0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC545350-FD53-4B2E-886F-E20F12260C9B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77"
}
]
},
{
"operator": "OR",
"negate": false,
@ -1558,23 +1613,23 @@
"matchCriteriaId": "9D24953B-B3DF-4150-810C-64A94A55E829"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF"
}
]
},
{
"operator": "OR",
"negate": false,
@ -1586,23 +1641,23 @@
"matchCriteriaId": "E696D071-8601-40AA-BAF5-1452940E1D6E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA5ADAB0-3985-4933-8CDD-D1546D8271CC"
}
]
},
{
"operator": "OR",
"negate": false,
@ -1619,17 +1674,6 @@
"matchCriteriaId": "EA59D713-F342-4CDA-BDC8-108352D385DA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA5ADAB0-3985-4933-8CDD-D1546D8271CC"
}
]
}
]
},
@ -1641,10 +1685,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.0",
"matchCriteriaId": "4E36412A-1AAB-42D1-B0B4-7A7BBF3CB317"
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8582A3E8-C05E-4D0B-851D-8C3181ED61CC"
}
]
},
@ -1653,9 +1696,10 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8582A3E8-C05E-4D0B-851D-8C3181ED61CC"
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.0",
"matchCriteriaId": "4E36412A-1AAB-42D1-B0B4-7A7BBF3CB317"
}
]
}
@ -1784,6 +1828,17 @@
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B75F50CA-7371-4BC7-8D8A-13F8BC69E4EB"
}
]
},
{
"operator": "OR",
"negate": false,
@ -1800,23 +1855,23 @@
"matchCriteriaId": "A2B61A79-C2B0-4C3D-A63C-B20FF78B2981"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B75F50CA-7371-4BC7-8D8A-13F8BC69E4EB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D61D3E9C-1346-4354-BCD9-B02F67500C41"
}
]
},
{
"operator": "OR",
"negate": false,
@ -1833,17 +1888,6 @@
"matchCriteriaId": "CAA92AC6-7DA0-418D-A13F-69268DFD7966"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D61D3E9C-1346-4354-BCD9-B02F67500C41"
}
]
}
]
},

48
CVE-2017/CVE-2017-26xx/CVE-2017-2681.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2017-2681",
"sourceIdentifier": "productcert@siemens.com",
"published": "2017-05-11T10:29:00.180",
"lastModified": "2024-07-09T12:15:04.280",
"lastModified": "2024-09-10T10:15:03.063",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices."
"value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",

8
CVE-2019/CVE-2019-109xx/CVE-2019-10923.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2019-10923",
"sourceIdentifier": "productcert@siemens.com",
"published": "2019-10-10T14:15:14.503",
"lastModified": "2023-05-09T13:15:12.763",
"lastModified": "2024-09-10T10:15:03.397",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation."
"value": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation."
},
{
"lang": "es",
@ -1294,6 +1294,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf",
"source": "productcert@siemens.com",

8
CVE-2020/CVE-2020-252xx/CVE-2020-25236.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2020-25236",
"sourceIdentifier": "productcert@siemens.com",
"published": "2021-03-15T17:15:19.877",
"lastModified": "2023-12-12T12:15:07.960",
"lastModified": "2024-09-10T10:15:03.727",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device\nexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device\nexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset."
},
{
"lang": "es",
@ -126,6 +126,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-783481.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-783481.pdf",
"source": "productcert@siemens.com",

8
CVE-2022/CVE-2022-363xx/CVE-2022-36361.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-36361",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.037",
"lastModified": "2023-12-12T12:15:09.510",
"lastModified": "2024-09-10T10:15:03.930",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code."
},
{
"lang": "es",
@ -128,6 +128,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-955858.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf",
"source": "productcert@siemens.com",

8
CVE-2022/CVE-2022-363xx/CVE-2022-36362.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-36362",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.103",
"lastModified": "2023-12-12T12:15:09.630",
"lastModified": "2024-09-10T10:15:04.130",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device."
},
{
"lang": "es",
@ -138,6 +138,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-955858.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf",
"source": "productcert@siemens.com",

8
CVE-2022/CVE-2022-363xx/CVE-2022-36363.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-36363",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-10-11T11:15:10.163",
"lastModified": "2023-12-12T12:15:09.740",
"lastModified": "2024-09-10T10:15:04.293",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory."
},
{
"lang": "es",
@ -138,6 +138,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-955858.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf",
"source": "productcert@siemens.com",

10
CVE-2022/CVE-2022-427xx/CVE-2022-42784.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-42784",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T10:15:09.560",
"lastModified": "2023-12-18T14:51:14.167",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-10T10:15:04.440",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version."
"value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version."
},
{
"lang": "es",
@ -532,6 +532,10 @@
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-844582.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf",
"source": "productcert@siemens.com",

18
CVE-2022/CVE-2022-437xx/CVE-2022-43716.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-43716",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-04-11T10:15:17.467",
"lastModified": "2024-06-11T09:15:11.587",
"lastModified": "2024-09-10T10:15:04.627",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product."
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product."
}
],
"metrics": {
@ -702,10 +702,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.6",
"matchCriteriaId": "4646AF8C-B871-4F9E-85A4-ECE8F13AFB21"
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239"
}
]
},
@ -714,9 +713,10 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239"
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.6",
"matchCriteriaId": "4646AF8C-B871-4F9E-85A4-ECE8F13AFB21"
}
]
}

140
CVE-2022/CVE-2022-437xx/CVE-2022-43767.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-43767",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-04-11T10:15:17.540",
"lastModified": "2024-06-11T09:15:11.907",
"lastModified": "2024-09-10T10:15:04.850",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
}
],
"metrics": {
@ -93,9 +93,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D7928-8E1A-400E-B790-58D6F5938E3C"
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960"
}
]
},
@ -104,9 +104,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960"
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3D7928-8E1A-400E-B790-58D6F5938E3C"
}
]
}
@ -115,17 +115,6 @@
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF9D803-FF47-4400-B2C4-1F4EE28E5AA8"
}
]
},
{
"operator": "OR",
"negate": false,
@ -136,23 +125,23 @@
"matchCriteriaId": "2FFBFB96-1A35-4724-831B-68E3A9C32921"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5003DA-5488-47C1-B442-9137E849FDD5"
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF9D803-FF47-4400-B2C4-1F4EE28E5AA8"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -163,23 +152,23 @@
"matchCriteriaId": "DFE96226-A2DF-4A9E-8CBB-8D7CF328E404"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D43BC6-EDE3-4EE1-9410-4717EB641AD0"
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5003DA-5488-47C1-B442-9137E849FDD5"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -190,23 +179,23 @@
"matchCriteriaId": "651C66E8-B3C0-4E88-BC7C-30BF16A7F7A3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786F3FFD-87E4-45B9-A33C-BAE58379FF39"
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93D43BC6-EDE3-4EE1-9410-4717EB641AD0"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -217,23 +206,23 @@
"matchCriteriaId": "FF9224A6-8A35-4F4F-951F-5B24B89E5FC8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AA6B43-7FC7-465A-9CD8-E8A4D6DBCD27"
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786F3FFD-87E4-45B9-A33C-BAE58379FF39"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -244,23 +233,23 @@
"matchCriteriaId": "12A45F37-1E7D-4748-ADAC-EC4C454B693A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F51B86-57EE-4DB6-B038-06726BC93D2D"
"criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AA6B43-7FC7-465A-9CD8-E8A4D6DBCD27"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -271,6 +260,17 @@
"matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F51B86-57EE-4DB6-B038-06726BC93D2D"
}
]
}
]
},
@ -282,9 +282,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8648EF79-043D-48DE-B9F8-BF762862EE99"
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390"
}
]
},
@ -293,9 +293,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390"
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8648EF79-043D-48DE-B9F8-BF762862EE99"
}
]
}

4
CVE-2022/CVE-2022-437xx/CVE-2022-43768.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-43768",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-04-11T10:15:17.617",
"lastModified": "2024-06-11T09:15:12.230",
"lastModified": "2024-09-10T10:15:05.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product."
}
],
"metrics": {

4
CVE-2022/CVE-2022-461xx/CVE-2022-46144.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2022-46144",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-12-13T16:15:25.200",
"lastModified": "2024-06-11T09:15:12.590",
"lastModified": "2024-09-10T10:15:05.170",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive."
"value": "A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive."
},
{
"lang": "es",

104
CVE-2023/CVE-2023-288xx/CVE-2023-28827.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2023-28827",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:05.347",
"lastModified": "2024-09-10T10:15:05.347",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. \r\n\r\nThis could allow a remote attacker to cause a denial of service condition in the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 IEC (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-7 LTE (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (Todas las versiones &lt; V3.5.20), SIMATIC HMI Comfort Panels (incl. variantes SIPLUS) (Todas las versiones), SIMATIC IPC DiagBase (Todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMATIC WinCC Runtime Advanced (todas las versiones), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (todas las versiones &lt; V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (todas las versiones &lt; V2.4.8). El servidor web de los dispositivos afectados no procesa correctamente ciertas solicitudes, lo que provoca un tiempo de espera en el watchdog, lo que podr\u00eda provocar la limpieza de punteros. Esto podr\u00eda permitir que un atacante remoto provoque una condici\u00f3n de denegaci\u00f3n de servicio en el sistema."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html",
"source": "productcert@siemens.com"
}
]
}

68
CVE-2023/CVE-2023-29xx/CVE-2023-2919.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2023-2919",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-10T10:15:05.710",
"lastModified": "2024-09-10T10:15:05.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Tutor LMS para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.7.4 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n 'addon_enable_disable'. Esto hace posible que atacantes no autenticados habiliten o deshabiliten complementos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Ajax.php?rev=3128650#L506",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3148621/tutor/tags/2.7.5/classes/Ajax.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/992abd72-2a8e-4bda-94c2-4a7f88487906?source=cve",
"source": "security@wordfence.com"
}
]
}

104
CVE-2023/CVE-2023-307xx/CVE-2023-30755.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2023-30755",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:05.940",
"lastModified": "2024-09-10T10:15:05.940",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources. \r\n\r\nThis could allow a remote attacker with elevated privileges to cause a denial of service condition in the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 IEC (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-7 LTE (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (Todas las versiones &lt; V3.5.20), SIMATIC HMI Comfort Panels (incl. variantes SIPLUS) (Todas las versiones), SIMATIC IPC DiagBase (Todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMATIC WinCC Runtime Advanced (todas las versiones), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (todas las versiones &lt; V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (todas las versiones &lt; V2.4.8). El servidor web de los dispositivos afectados no gestiona correctamente la solicitud de apagado o reinicio, lo que podr\u00eda provocar la limpieza de determinados recursos. Esto podr\u00eda permitir que un atacante remoto con privilegios elevados provoque una condici\u00f3n de denegaci\u00f3n de servicio en el sistema."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2023/CVE-2023-307xx/CVE-2023-30756.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2023-30756",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:06.197",
"lastModified": "2024-09-10T10:15:06.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-1 IEC (incl. variantes SIPLUS) (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-7 LTE (Todas las versiones &lt; V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (Todas las versiones &lt; V3.5.20), SIMATIC HMI Comfort Panels (incl. variantes SIPLUS) (Todas las versiones), SIMATIC IPC DiagBase (Todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMATIC WinCC Runtime Advanced (todas las versiones), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (todas las versiones &lt; V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (todas las versiones &lt; V2.4.8). El servidor web de los dispositivos afectados no gestiona correctamente determinados errores al utilizar el encabezado de solicitud HTTP Expect, lo que da lugar a una desreferencia NULL. Esto podr\u00eda permitir que un atacante remoto sin privilegios provoque una condici\u00f3n de denegaci\u00f3n de servicio en el sistema."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html",
"source": "productcert@siemens.com"
}
]
}

4
CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44317",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.067",
"lastModified": "2024-08-13T08:15:06.607",
"lastModified": "2024-09-10T10:15:06.443",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-443xx/CVE-2023-44319.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44319",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:12.510",
"lastModified": "2024-08-13T08:15:07.073",
"lastModified": "2024-09-10T10:15:07.013",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device."
},
{
"lang": "es",

8
CVE-2023/CVE-2023-443xx/CVE-2023-44373.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44373",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.417",
"lastModified": "2024-08-13T08:15:08.033",
"lastModified": "2024-09-10T10:15:07.217",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V2.4.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.4.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V2.4.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions < V2.4.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V2.4.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V2.4.0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions < V2.4.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V2.4.0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions < V2.4.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323."
},
{
"lang": "es",
@ -2102,6 +2102,10 @@
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf",
"source": "productcert@siemens.com"

164
CVE-2023/CVE-2023-443xx/CVE-2023-44374.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-44374",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-11-14T11:15:13.753",
"lastModified": "2024-08-13T08:15:08.297",
"lastModified": "2024-09-10T10:15:07.467",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges."
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges."
},
{
"lang": "es",
@ -780,10 +780,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5",
"matchCriteriaId": "66B350EA-BB9F-4A17-93DB-55132592E050"
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5206-2gs00-2fc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4FE9F1-CA78-4E2D-BAAB-27F370C74058"
}
]
},
@ -792,9 +791,10 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5206-2gs00-2fc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4FE9F1-CA78-4E2D-BAAB-27F370C74058"
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5",
"matchCriteriaId": "66B350EA-BB9F-4A17-93DB-55132592E050"
}
]
}
@ -803,6 +803,17 @@
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B74B85-3F14-4E2B-8579-8304B0CDEBF6"
}
]
},
{
"operator": "OR",
"negate": false,
@ -814,23 +825,23 @@
"matchCriteriaId": "C0645A96-E9C4-4CAE-9B06-EC098D3470AB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B74B85-3F14-4E2B-8579-8304B0CDEBF6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2fc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81A3F713-4B72-40AE-9FB1-88FBA52574F2"
}
]
},
{
"operator": "OR",
"negate": false,
@ -842,23 +853,23 @@
"matchCriteriaId": "A54883F7-90D2-4B42-B426-767208360B6F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2fc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81A3F713-4B72-40AE-9FB1-88FBA52574F2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C557EB-5EE6-4FB6-AA77-E2519C122792"
}
]
},
{
"operator": "OR",
"negate": false,
@ -870,23 +881,23 @@
"matchCriteriaId": "86354CF8-B304-4A06-9D28-5161E082E891"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C557EB-5EE6-4FB6-AA77-E2519C122792"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2tc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84745DC6-8D3E-48BD-B61F-93B6D43919AB"
}
]
},
{
"operator": "OR",
"negate": false,
@ -898,23 +909,23 @@
"matchCriteriaId": "BB4603BB-39A4-4C66-B40F-4C937C51290F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2tc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84745DC6-8D3E-48BD-B61F-93B6D43919AB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2fc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6997812-562B-421F-AECF-6E1151E9EC50"
}
]
},
{
"operator": "OR",
"negate": false,
@ -926,34 +937,12 @@
"matchCriteriaId": "5A4283EE-DC1B-49B3-A23B-C2443C457243"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2fc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6997812-562B-421F-AECF-6E1151E9EC50"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3EA732B-3BDA-41AE-A791-700A28FD632B"
}
]
},
{
"operator": "OR",
"negate": false,
@ -965,6 +954,17 @@
"matchCriteriaId": "06C17564-8DB0-41DA-AAD7-D1BE5C662054"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-2ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3EA732B-3BDA-41AE-A791-700A28FD632B"
}
]
}
]
},
@ -976,9 +976,10 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-5ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C230B-2682-4DCF-808A-3D1EB647BA13"
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5",
"matchCriteriaId": "F58C2715-BB90-4799-B0EF-F5E356BB211B"
}
]
},
@ -987,10 +988,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5",
"matchCriteriaId": "F58C2715-BB90-4799-B0EF-F5E356BB211B"
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-5ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C230B-2682-4DCF-808A-3D1EB647BA13"
}
]
}

4
CVE-2023/CVE-2023-462xx/CVE-2023-46280.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46280",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-05-14T16:15:40.800",
"lastModified": "2024-08-13T08:15:08.500",
"lastModified": "2024-09-10T10:15:07.977",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
"value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46281.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46281",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.653",
"lastModified": "2024-08-13T08:15:08.660",
"lastModified": "2024-09-10T10:15:08.120",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46282.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46282",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:13.870",
"lastModified": "2024-08-13T08:15:08.813",
"lastModified": "2024-09-10T10:15:08.240",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46283.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46283",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.067",
"lastModified": "2024-08-13T08:15:08.950",
"lastModified": "2024-09-10T10:15:08.353",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46284.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46284",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.273",
"lastModified": "2024-08-13T08:15:09.073",
"lastModified": "2024-09-10T10:15:08.467",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-462xx/CVE-2023-46285.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46285",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-12-12T12:15:14.477",
"lastModified": "2024-08-13T08:15:09.193",
"lastModified": "2024-09-10T10:15:08.577",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
"value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-483xx/CVE-2023-48363.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-48363",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:45.763",
"lastModified": "2024-07-09T12:15:10.147",
"lastModified": "2024-09-10T10:15:08.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server."
},
{
"lang": "es",

4
CVE-2023/CVE-2023-483xx/CVE-2023-48364.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-48364",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:45.980",
"lastModified": "2024-07-09T12:15:10.277",
"lastModified": "2024-09-10T10:15:08.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
"value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server."
},
{
"lang": "es",

104
CVE-2023/CVE-2023-490xx/CVE-2023-49069.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2023-49069",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:08.947",
"lastModified": "2024-09-10T10:15:08.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.14.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.2 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.12 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.26 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.14.0, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.12 (todas las versiones anteriores a la V10.12.2, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.6 (todas las versiones anteriores a la V10.6.12, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V8 (todas las versiones solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico) y Mendix Runtime V9 (todas las versiones anteriores a la V9.24.26, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico). El mecanismo de autenticaci\u00f3n de las aplicaciones afectadas contiene una vulnerabilidad de discrepancia de respuesta observable al validar nombres de usuario. Esto podr\u00eda permitir que atacantes remotos no autenticados distingan entre nombres de usuario v\u00e1lidos e inv\u00e1lidos."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html",
"source": "productcert@siemens.com"
}
]
}

48
CVE-2024/CVE-2024-214xx/CVE-2024-21483.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-21483",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-03-12T11:15:48.217",
"lastModified": "2024-03-12T12:40:13.500",
"lastModified": "2024-09-10T10:15:09.173",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.\r\n\r\nAn attacker with physical access to the device could read out the data."
"value": "A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.\r\n\r\nAn attacker with physical access to the device could read out the data."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",

4
CVE-2024/CVE-2024-303xx/CVE-2024-30321.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-30321",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-09T12:15:11.707",
"lastModified": "2024-07-09T18:19:14.047",
"lastModified": "2024-09-10T10:15:09.340",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
"value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
},
{
"lang": "es",

104
CVE-2024/CVE-2024-320xx/CVE-2024-32006.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-32006",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:09.473",
"lastModified": "2024-09-10T10:15:09.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones anteriores a V3.2 SP2). La aplicaci\u00f3n afectada no hace que la sesi\u00f3n del usuario caduque al reiniciar sin cerrar sesi\u00f3n. Esto podr\u00eda permitir que un atacante eluda la autenticaci\u00f3n multifactor."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-336xx/CVE-2024-33698.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-33698",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:09.707",
"lastModified": "2024-09-10T10:15:09.707",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones &lt; V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones &lt; V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-357xx/CVE-2024-35783.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-35783",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:09.937",
"lastModified": "2024-09-10T10:15:09.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC BATCH V9.1 (todas las versiones), SIMATIC Information Server 2020 (todas las versiones), SIMATIC Information Server 2022 (todas las versiones), SIMATIC PCS 7 V9.1 (todas las versiones), SIMATIC Process Historian 2020 (todas las versiones), SIMATIC Process Historian 2022 (todas las versiones), SIMATIC WinCC Runtime Professional V18 (todas las versiones), SIMATIC WinCC Runtime Professional V19 (todas las versiones), SIMATIC WinCC V7.4 (todas las versiones), SIMATIC WinCC V7.5 (todas las versiones &lt; V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (todas las versiones &lt; V8.0 Update 5). Los productos afectados ejecutan su servidor de base de datos con privilegios elevados, lo que podr\u00eda permitir que un atacante autenticado ejecute comandos arbitrarios del sistema operativo con privilegios administrativos."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-379xx/CVE-2024-37990.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-37990",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:10.227",
"lastModified": "2024-09-10T10:15:10.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones &lt; V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones &lt; V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones &lt; V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones &lt; V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones &lt; V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones &lt; V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones &lt; V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones &lt; V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones &lt; V2.2). Las aplicaciones afectadas contienen archivos de configuraci\u00f3n que se pueden modificar. Un atacante con acceso privilegiado puede modificar estos archivos y habilitar funciones que no est\u00e1n disponibles para este dispositivo."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-912"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-379xx/CVE-2024-37991.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-37991",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:10.600",
"lastModified": "2024-09-10T10:15:10.600",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones &lt; V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones &lt; V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones &lt; V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones &lt; V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones &lt; V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones &lt; V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones &lt; V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones &lt; V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones &lt; V2.2). Se puede acceder a los archivos de registro de servicio de la aplicaci\u00f3n afectada sin la autenticaci\u00f3n adecuada. Esto podr\u00eda permitir que un atacante no autenticado obtenga acceso a informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-379xx/CVE-2024-37992.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-37992",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:10.837",
"lastModified": "2024-09-10T10:15:10.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones &lt; V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones &lt; V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones &lt; V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones &lt; V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones &lt; V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones &lt; V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones &lt; V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones &lt; V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones &lt; V2.2). Los dispositivos afectados no gestionan correctamente el error en caso de exceso de caracteres al configurar SNMP, lo que provoca el reinicio de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-379xx/CVE-2024-37993.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-37993",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:11.090",
"lastModified": "2024-09-10T10:15:11.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones &lt; V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones &lt; V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones &lt; V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones &lt; V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones &lt; V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones &lt; V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones &lt; V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones &lt; V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones &lt; V2.2). Las aplicaciones afectadas no autentican la creaci\u00f3n de instancias de Ajax2App. Esto podr\u00eda permitir que un atacante no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-379xx/CVE-2024-37994.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-37994",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:11.340",
"lastModified": "2024-09-10T10:15:11.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones &lt; V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones &lt; V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones &lt; V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones &lt; V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones &lt; V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones &lt; V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones &lt; V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones &lt; V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones &lt; V2.2). La aplicaci\u00f3n afectada contiene un elemento de configuraci\u00f3n oculto para habilitar la funcionalidad de depuraci\u00f3n. Esto podr\u00eda permitir que un atacante obtenga informaci\u00f3n sobre la configuraci\u00f3n interna de la implementaci\u00f3n."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-912"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-379xx/CVE-2024-37995.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-37995",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:11.570",
"lastModified": "2024-09-10T10:15:11.570",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones &lt; V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones &lt; V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones &lt; V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones &lt; V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones &lt; V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones &lt; V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones &lt; V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones &lt; V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones &lt; V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones &lt; V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones &lt; V2.2). La aplicaci\u00f3n afectada maneja incorrectamente el error durante la carga de un certificado defectuoso, lo que provoca el bloqueo de la aplicaci\u00f3n. Esta vulnerabilidad podr\u00eda permitir a un atacante revelar informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html",
"source": "productcert@siemens.com"
}
]
}

78
CVE-2024/CVE-2024-407xx/CVE-2024-40754.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-40754",
"sourceIdentifier": "PSIRT@samsung.com",
"published": "2024-09-10T11:15:10.503",
"lastModified": "2024-09-10T11:15:10.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "PSIRT@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/Samsung/escargot/pull/1369",
"source": "PSIRT@samsung.com"
}
]
}

104
CVE-2024/CVE-2024-411xx/CVE-2024-41170.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-41170",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:11.797",
"lastModified": "2024-09-10T10:15:11.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2302 (todas las versiones anteriores a V2302.0015) y Tecnomatix Plant Simulation V2404 (todas las versiones anteriores a V2404.0004). Las aplicaciones afectadas contienen una vulnerabilidad de desbordamiento de pila al analizar archivos SPP especialmente dise\u00f1ados. Esto podr\u00eda permitir que un atacante ejecute c\u00f3digo en el contexto del proceso actual."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-427715.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-411xx/CVE-2024-41171.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-41171",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:12.000",
"lastModified": "2024-09-10T10:15:12.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINUMERIK 828D V4 (todas las versiones), SINUMERIK 828D V5 (todas las versiones &lt; V5.24), SINUMERIK 840D sl V4 (todas las versiones), SINUMERIK ONE (todas las versiones &lt; V6.24). Los dispositivos afectados no aplican correctamente las restricciones de acceso a los scripts que el sistema ejecuta regularmente con privilegios elevados. Esto podr\u00eda permitir que un atacante local autenticado aumente sus privilegios en el sistema subyacente."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-342438.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-423xx/CVE-2024-42344.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-42344",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:12.213",
"lastModified": "2024-09-10T10:15:12.213",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones anteriores a V3.2 SP2). La aplicaci\u00f3n afectada inserta informaci\u00f3n confidencial en un archivo de registro que pueden leer todos los usuarios leg\u00edtimos del sistema subyacente. Esto podr\u00eda permitir que un atacante autenticado comprometa la confidencialidad de los datos de configuraci\u00f3n de otros usuarios."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-423xx/CVE-2024-42345.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-42345",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:12.433",
"lastModified": "2024-09-10T10:15:12.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones anteriores a V3.2 SP2). La aplicaci\u00f3n afectada no gestiona correctamente el establecimiento y la invalidaci\u00f3n de sesiones de usuario. Esto podr\u00eda permitir que un atacante remoto eluda la autenticaci\u00f3n multifactor adicional para el establecimiento de sesiones de usuario."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-869574.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-436xx/CVE-2024-43647.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-43647",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:12.650",
"lastModified": "2024-09-10T10:15:12.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (Todas las versiones), versiones), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (Todas las versiones). Los dispositivos afectados no manejan correctamente los paquetes TCP con una estructura incorrecta. Esto podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio. Para restablecer las operaciones normales, es necesario desconectar y volver a conectar el cable de red del dispositivo."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-969738.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-437xx/CVE-2024-43781.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-43781",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:12.897",
"lastModified": "2024-09-10T10:15:12.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SINUMERIK 828D V4 (todas las versiones &lt; V4.95 SP3), SINUMERIK 840D sl V4 (todas las versiones &lt; V4.95 SP3 en relaci\u00f3n con el uso de Create MyConfig (CMC) &lt;= V4.8 SP1 HF6), SINUMERIK ONE (todas las versiones &lt; V6.23 en relaci\u00f3n con el uso de Create MyConfig (CMC) &lt;= V6.6), SINUMERIK ONE (todas las versiones &lt; V6.15 SP4 en relaci\u00f3n con el uso de Create MyConfig (CMC) &lt;= V6.6). Los sistemas afectados, que han sido equipados con Create MyConfig (CMC), contienen una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro. Esto podr\u00eda permitir que un usuario autenticado local con privilegios bajos lea informaci\u00f3n confidencial y, de este modo, eluda las restricciones de acceso."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-097786.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-440xx/CVE-2024-44087.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-44087",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:13.140",
"lastModified": "2024-09-10T10:15:13.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Automation License Manager V5 (todas las versiones), Automation License Manager V6.0 (todas las versiones), Automation License Manager V6.2 (todas las versiones &lt; V6.2 Upd3). Las aplicaciones afectadas no validan correctamente ciertos campos en los paquetes de red entrantes en el puerto 4410/tcp. Esto podr\u00eda permitir que un atacante remoto no autenticado provoque un desbordamiento de enteros y el bloqueo de la aplicaci\u00f3n. Esta condici\u00f3n de denegaci\u00f3n de servicio podr\u00eda impedir que los usuarios leg\u00edtimos utilicen productos posteriores que dependan de la aplicaci\u00f3n afectada para la verificaci\u00f3n de la licencia."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-103653.html",
"source": "productcert@siemens.com"
}
]
}

104
CVE-2024/CVE-2024-450xx/CVE-2024-45032.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-45032",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-09-10T10:15:13.407",
"lastModified": "2024-09-10T10:15:13.407",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Industrial Edge Management Pro (todas las versiones anteriores a la V1.9.5) e Industrial Edge Management Virtual (todas las versiones anteriores a la V2.3.1-1). Los componentes afectados no validan correctamente los tokens de los dispositivos. Esto podr\u00eda permitir que un atacante remoto no autenticado se haga pasar por otros dispositivos incorporados al sistema."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-359713.html",
"source": "productcert@siemens.com"
}
]
}

79
CVE-2024/CVE-2024-456xx/CVE-2024-45625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45625",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-09-09T05:15:01.827",
"lastModified": "2024-09-09T13:03:38.303",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-10T11:19:40.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,88 @@
"value": "Existe una vulnerabilidad de cross site scripting en las versiones de Forminator anteriores a la 1.34.1. Si se aprovecha esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario que siga una URL creada y acceda a la p\u00e1gina web con el formulario web creado por Forminator."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.34.1",
"matchCriteriaId": "8E8BE6AB-1155-4FD3-AD4B-D87C1A347C71"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN65724976/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?new=3135507%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js&old=3111152%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/forminator/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://wpmudev.com/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}
]
}

29
CVE-2024/CVE-2024-458xx/CVE-2024-45845.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-45845",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-10T11:15:10.660",
"lastModified": "2024-09-10T11:15:10.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/NixOS/nix/tags",
"source": "cve@mitre.org"
},
{
"url": "https://news.ycombinator.com/item?id=41492994",
"source": "cve@mitre.org"
},
{
"url": "https://puckipedia.com/7hkj-98sq/qixt",
"source": "cve@mitre.org"
}
]
}

76
CVE-2024/CVE-2024-77xx/CVE-2024-7770.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-7770",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-10T11:15:10.780",
"lastModified": "2024-09-10T11:15:10.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Http/Controllers/FileManagerController.php#L26",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinder.class.php#L1210",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinder.class.php#L3257",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinderConnector.class.php#L160",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3138710/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cae7702-e531-45b9-9131-42edbc073a07?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2024/CVE-2024-82xx/CVE-2024-8241.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-8241",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-10T10:15:13.653",
"lastModified": "2024-09-10T10:15:13.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Nova Blocks de Pixelgrade para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del atributo 'align' del bloque de Gutenberg 'wp:separator' en todas las versiones hasta la 2.1.7 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/pixelgrade/nova-blocks/commit/655b5b804306c3ca3a59707cc2f12098e193b4ca",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3148752/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/nova-blocks/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3011befd-c0c6-4800-a370-e592c3ec483f?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-85xx/CVE-2024-8543.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-8543",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-10T10:15:13.887",
"lastModified": "2024-09-10T10:15:13.887",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Slider comparison image before and after para WordPress es vulnerable a la ejecuci\u00f3n de Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado [sciba] del complemento en todas las versiones hasta la 0.8.3 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/slider-comparison-image-before-and-after/trunk/sciba.php#L39",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14ab5d7c-ab46-4a53-b0d2-8b331e204cf3?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2024/CVE-2024-86xx/CVE-2024-8645.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-8645",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-09-10T10:15:14.113",
"lastModified": "2024-09-10T10:15:14.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file"
},
{
"lang": "es",
"value": "La falla del disector SPRT en Wireshark 4.2.0 a 4.0.5 y 4.0.0 a 4.0.15 permite la denegaci\u00f3n de servicio a trav\u00e9s de la inyecci\u00f3n de paquetes o un archivo de captura creado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-824"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19559",
"source": "cve@gitlab.com"
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2024-10.html",
"source": "cve@gitlab.com"
}
]
}

89
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-09-10T10:00:18.590134+00:00
2024-09-10T12:00:20.451537+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-09-10T09:15:07.497000+00:00
2024-09-10T11:19:40.113000+00:00
```
### Last Data Feed Release
@ -33,48 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
262304
262332
```
### CVEs added in the last Commit
Recently added CVEs: `24`
Recently added CVEs: `28`
- [CVE-2024-39574](CVE-2024/CVE-2024-395xx/CVE-2024-39574.json) (`2024-09-10T09:15:02.290`)
- [CVE-2024-39580](CVE-2024/CVE-2024-395xx/CVE-2024-39580.json) (`2024-09-10T09:15:02.740`)
- [CVE-2024-39581](CVE-2024/CVE-2024-395xx/CVE-2024-39581.json) (`2024-09-10T09:15:02.993`)
- [CVE-2024-39582](CVE-2024/CVE-2024-395xx/CVE-2024-39582.json) (`2024-09-10T09:15:03.243`)
- [CVE-2024-39583](CVE-2024/CVE-2024-395xx/CVE-2024-39583.json) (`2024-09-10T09:15:03.513`)
- [CVE-2024-42424](CVE-2024/CVE-2024-424xx/CVE-2024-42424.json) (`2024-09-10T08:15:02.487`)
- [CVE-2024-42425](CVE-2024/CVE-2024-424xx/CVE-2024-42425.json) (`2024-09-10T09:15:03.777`)
- [CVE-2024-42427](CVE-2024/CVE-2024-424xx/CVE-2024-42427.json) (`2024-09-10T08:15:02.760`)
- [CVE-2024-43385](CVE-2024/CVE-2024-433xx/CVE-2024-43385.json) (`2024-09-10T09:15:04.150`)
- [CVE-2024-43386](CVE-2024/CVE-2024-433xx/CVE-2024-43386.json) (`2024-09-10T09:15:04.400`)
- [CVE-2024-43387](CVE-2024/CVE-2024-433xx/CVE-2024-43387.json) (`2024-09-10T09:15:04.690`)
- [CVE-2024-43388](CVE-2024/CVE-2024-433xx/CVE-2024-43388.json) (`2024-09-10T09:15:04.953`)
- [CVE-2024-43389](CVE-2024/CVE-2024-433xx/CVE-2024-43389.json) (`2024-09-10T09:15:05.220`)
- [CVE-2024-43390](CVE-2024/CVE-2024-433xx/CVE-2024-43390.json) (`2024-09-10T09:15:05.537`)
- [CVE-2024-43391](CVE-2024/CVE-2024-433xx/CVE-2024-43391.json) (`2024-09-10T09:15:05.760`)
- [CVE-2024-43392](CVE-2024/CVE-2024-433xx/CVE-2024-43392.json) (`2024-09-10T09:15:06.100`)
- [CVE-2024-43393](CVE-2024/CVE-2024-433xx/CVE-2024-43393.json) (`2024-09-10T09:15:06.367`)
- [CVE-2024-6596](CVE-2024/CVE-2024-65xx/CVE-2024-6596.json) (`2024-09-10T08:15:03.350`)
- [CVE-2024-7618](CVE-2024/CVE-2024-76xx/CVE-2024-7618.json) (`2024-09-10T08:15:03.620`)
- [CVE-2024-7655](CVE-2024/CVE-2024-76xx/CVE-2024-7655.json) (`2024-09-10T08:15:03.830`)
- [CVE-2024-7698](CVE-2024/CVE-2024-76xx/CVE-2024-7698.json) (`2024-09-10T09:15:06.847`)
- [CVE-2024-7699](CVE-2024/CVE-2024-76xx/CVE-2024-7699.json) (`2024-09-10T09:15:07.180`)
- [CVE-2024-7734](CVE-2024/CVE-2024-77xx/CVE-2024-7734.json) (`2024-09-10T08:15:04.020`)
- [CVE-2024-8258](CVE-2024/CVE-2024-82xx/CVE-2024-8258.json) (`2024-09-10T09:15:07.497`)
- [CVE-2023-30756](CVE-2023/CVE-2023-307xx/CVE-2023-30756.json) (`2024-09-10T10:15:06.197`)
- [CVE-2023-49069](CVE-2023/CVE-2023-490xx/CVE-2023-49069.json) (`2024-09-10T10:15:08.947`)
- [CVE-2024-32006](CVE-2024/CVE-2024-320xx/CVE-2024-32006.json) (`2024-09-10T10:15:09.473`)
- [CVE-2024-33698](CVE-2024/CVE-2024-336xx/CVE-2024-33698.json) (`2024-09-10T10:15:09.707`)
- [CVE-2024-35783](CVE-2024/CVE-2024-357xx/CVE-2024-35783.json) (`2024-09-10T10:15:09.937`)
- [CVE-2024-37990](CVE-2024/CVE-2024-379xx/CVE-2024-37990.json) (`2024-09-10T10:15:10.227`)
- [CVE-2024-37991](CVE-2024/CVE-2024-379xx/CVE-2024-37991.json) (`2024-09-10T10:15:10.600`)
- [CVE-2024-37992](CVE-2024/CVE-2024-379xx/CVE-2024-37992.json) (`2024-09-10T10:15:10.837`)
- [CVE-2024-37993](CVE-2024/CVE-2024-379xx/CVE-2024-37993.json) (`2024-09-10T10:15:11.090`)
- [CVE-2024-37994](CVE-2024/CVE-2024-379xx/CVE-2024-37994.json) (`2024-09-10T10:15:11.340`)
- [CVE-2024-37995](CVE-2024/CVE-2024-379xx/CVE-2024-37995.json) (`2024-09-10T10:15:11.570`)
- [CVE-2024-40754](CVE-2024/CVE-2024-407xx/CVE-2024-40754.json) (`2024-09-10T11:15:10.503`)
- [CVE-2024-41170](CVE-2024/CVE-2024-411xx/CVE-2024-41170.json) (`2024-09-10T10:15:11.797`)
- [CVE-2024-41171](CVE-2024/CVE-2024-411xx/CVE-2024-41171.json) (`2024-09-10T10:15:12.000`)
- [CVE-2024-42344](CVE-2024/CVE-2024-423xx/CVE-2024-42344.json) (`2024-09-10T10:15:12.213`)
- [CVE-2024-42345](CVE-2024/CVE-2024-423xx/CVE-2024-42345.json) (`2024-09-10T10:15:12.433`)
- [CVE-2024-43647](CVE-2024/CVE-2024-436xx/CVE-2024-43647.json) (`2024-09-10T10:15:12.650`)
- [CVE-2024-43781](CVE-2024/CVE-2024-437xx/CVE-2024-43781.json) (`2024-09-10T10:15:12.897`)
- [CVE-2024-44087](CVE-2024/CVE-2024-440xx/CVE-2024-44087.json) (`2024-09-10T10:15:13.140`)
- [CVE-2024-45032](CVE-2024/CVE-2024-450xx/CVE-2024-45032.json) (`2024-09-10T10:15:13.407`)
- [CVE-2024-45845](CVE-2024/CVE-2024-458xx/CVE-2024-45845.json) (`2024-09-10T11:15:10.660`)
- [CVE-2024-7770](CVE-2024/CVE-2024-77xx/CVE-2024-7770.json) (`2024-09-10T11:15:10.780`)
- [CVE-2024-8241](CVE-2024/CVE-2024-82xx/CVE-2024-8241.json) (`2024-09-10T10:15:13.653`)
- [CVE-2024-8543](CVE-2024/CVE-2024-85xx/CVE-2024-8543.json) (`2024-09-10T10:15:13.887`)
- [CVE-2024-8645](CVE-2024/CVE-2024-86xx/CVE-2024-8645.json) (`2024-09-10T10:15:14.113`)
### CVEs modified in the last Commit
Recently modified CVEs: `5`
Recently modified CVEs: `27`
- [CVE-2023-26310](CVE-2023/CVE-2023-263xx/CVE-2023-26310.json) (`2024-09-10T08:15:01.923`)
- [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-09-10T08:15:02.147`)
- [CVE-2024-39463](CVE-2024/CVE-2024-394xx/CVE-2024-39463.json) (`2024-09-10T08:15:02.380`)
- [CVE-2024-43898](CVE-2024/CVE-2024-438xx/CVE-2024-43898.json) (`2024-09-10T08:15:02.960`)
- [CVE-2024-44944](CVE-2024/CVE-2024-449xx/CVE-2024-44944.json) (`2024-09-10T08:15:03.230`)
- [CVE-2019-10923](CVE-2019/CVE-2019-109xx/CVE-2019-10923.json) (`2024-09-10T10:15:03.397`)
- [CVE-2020-25236](CVE-2020/CVE-2020-252xx/CVE-2020-25236.json) (`2024-09-10T10:15:03.727`)
- [CVE-2022-36361](CVE-2022/CVE-2022-363xx/CVE-2022-36361.json) (`2024-09-10T10:15:03.930`)
- [CVE-2022-36362](CVE-2022/CVE-2022-363xx/CVE-2022-36362.json) (`2024-09-10T10:15:04.130`)
- [CVE-2022-36363](CVE-2022/CVE-2022-363xx/CVE-2022-36363.json) (`2024-09-10T10:15:04.293`)
- [CVE-2022-42784](CVE-2022/CVE-2022-427xx/CVE-2022-42784.json) (`2024-09-10T10:15:04.440`)
- [CVE-2022-43716](CVE-2022/CVE-2022-437xx/CVE-2022-43716.json) (`2024-09-10T10:15:04.627`)
- [CVE-2022-43767](CVE-2022/CVE-2022-437xx/CVE-2022-43767.json) (`2024-09-10T10:15:04.850`)
- [CVE-2022-43768](CVE-2022/CVE-2022-437xx/CVE-2022-43768.json) (`2024-09-10T10:15:05.020`)
- [CVE-2022-46144](CVE-2022/CVE-2022-461xx/CVE-2022-46144.json) (`2024-09-10T10:15:05.170`)
- [CVE-2023-44317](CVE-2023/CVE-2023-443xx/CVE-2023-44317.json) (`2024-09-10T10:15:06.443`)
- [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2024-09-10T10:15:07.013`)
- [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2024-09-10T10:15:07.217`)
- [CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2024-09-10T10:15:07.467`)
- [CVE-2023-46280](CVE-2023/CVE-2023-462xx/CVE-2023-46280.json) (`2024-09-10T10:15:07.977`)
- [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2024-09-10T10:15:08.120`)
- [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2024-09-10T10:15:08.240`)
- [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2024-09-10T10:15:08.353`)
- [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2024-09-10T10:15:08.467`)
- [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2024-09-10T10:15:08.577`)
- [CVE-2023-48363](CVE-2023/CVE-2023-483xx/CVE-2023-48363.json) (`2024-09-10T10:15:08.697`)
- [CVE-2023-48364](CVE-2023/CVE-2023-483xx/CVE-2023-48364.json) (`2024-09-10T10:15:08.833`)
- [CVE-2024-21483](CVE-2024/CVE-2024-214xx/CVE-2024-21483.json) (`2024-09-10T10:15:09.173`)
- [CVE-2024-30321](CVE-2024/CVE-2024-303xx/CVE-2024-30321.json) (`2024-09-10T10:15:09.340`)
- [CVE-2024-45625](CVE-2024/CVE-2024-456xx/CVE-2024-45625.json) (`2024-09-10T11:19:40.113`)
## Download and Usage

140
_state.csv
View File

@ -103135,8 +103135,8 @@ CVE-2017-2676,0,0,050be941dea9bfc7ed82777b33c51dc90b7674a6df5d1bf3290efd22aea9f5
CVE-2017-2677,0,0,351f62095b73014426f7852781699c583c2157de11fef699dba2f8bd57b9cef1,2023-11-07T02:43:55.580000
CVE-2017-2678,0,0,25468c73a1ef476e7ec5eefc56aa86a9d9a4290a481b5750b6fecaafa6325e7b,2023-11-07T02:43:55.963000
CVE-2017-2679,0,0,3bc747166047b6b41a64c4bb9c9ea16c230c7633dc072e7859c3907327a13776,2023-11-07T02:43:56.347000
CVE-2017-2680,0,0,0682df14f44200f75bac33749eb483588a77ef0ae2ec19193912b9d4dfe210dd,2024-07-09T12:15:03.820000
CVE-2017-2681,0,0,d2bbec5ce9d2598e154be6df533e5bbafb445676b66da8daf1c45e9efe897036,2024-07-09T12:15:04.280000
CVE-2017-2680,0,1,719855314b28e78c0d9037a18e165bc848b8f372391d7e74cd0facbe5e2b8d1e,2024-09-10T10:15:02.153000
CVE-2017-2681,0,1,1901181c7415ca5f2aed5c855d6c09aa036699e7f40d0d3a3b8d4ccb8f97ace4,2024-09-10T10:15:03.063000
CVE-2017-2682,0,0,07882bed21afd3c95d840c1791fa8ef120062812c12b77cc3d656f87ecadbd37,2017-07-17T13:18:24.877000
CVE-2017-2683,0,0,e57f8837717eb1418a768c2837641c9586bc172f0fb5a900f91630078424f906,2017-07-17T13:18:24.953000
CVE-2017-2684,0,0,d0876fb19e045ef6f39e2a04d713318e1c5cfa6b7905297e8e4ec80098e01056,2019-10-09T23:27:06.587000
@ -129117,7 +129117,7 @@ CVE-2019-1092,0,0,6edb368d7f1a133c357dc70cde06474a352b5a719bd19060da9f2c4d6794b5
CVE-2019-10920,0,0,0652c8aaa04834ad830a596d1e7034dba9881c29f8e82b96fadb4c3743781175,2022-01-04T18:10:56.570000
CVE-2019-10921,0,0,dd3098d492ef3bc1d945c7fdac73fbc4522f3748d43a73d61897d8406747508e,2022-01-04T18:11:04.483000
CVE-2019-10922,0,0,6f88d3c4e3178efc2ce9df09b081c1da3e844bfccc672ec6c2497aee407c738a,2020-10-02T14:36:36.303000
CVE-2019-10923,0,0,76d2d0a7732282c2c6f1b19fb62daf6f103a361d4f2cd16a8bd2229d32f49d38,2023-05-09T13:15:12.763000
CVE-2019-10923,0,1,befae9f235d8e22197f3e3c07df3dc88d6f82462edd710c84ca6613c9b00d415,2024-09-10T10:15:03.397000
CVE-2019-10924,0,0,8c5b5296830ab3e2c2fc0aed4100a1af81565980a6d25582c80dd493d8ba2eef,2022-01-04T18:11:08.360000
CVE-2019-10925,0,0,ef90084b53084393dd289d8894a210d60c41ca19bf6d724c0c0a88864719385a,2021-03-15T18:15:15.393000
CVE-2019-10926,0,0,7eeb4a9a10d2bb7498e0c7046f95b90ad41dab587d6ff60276d9242e56932738,2021-03-15T18:15:15.503000
@ -154599,7 +154599,7 @@ CVE-2020-25232,0,0,86034af8f52d27050807a8d8a62ce6a7006d288bd57ffe2275e1bab49387c
CVE-2020-25233,0,0,a2df778e73cfedc1daa768685161ee1134fe6effd620190249ad25490db60078,2020-12-16T17:40:18.947000
CVE-2020-25234,0,0,a1ee01a28c60e4b1c4530b4e9bbd4c87d950d89f78e70c91a2ff3f4fc6869d7e,2020-12-16T15:48:06.450000
CVE-2020-25235,0,0,23fda00ca555b44cb1ba88a1e53a66d38d7b7dcfa75b9b058886462d74a68c45,2020-12-16T15:38:08.537000
CVE-2020-25236,0,0,0680d6db4ed7bb8409ae75645eed92076fdc4c3b00c7ca6655f89f56c49ac29c,2023-12-12T12:15:07.960000
CVE-2020-25236,0,1,e41a5d0b27544b654c210327520512a854c83d3f9245f7940ae91f8bd766c52d,2024-09-10T10:15:03.727000
CVE-2020-25237,0,0,bd1174551d3bac8743ce241a0ddf90481c91f59a35e01a3207735fa06439d7c2,2021-03-10T12:52:29.993000
CVE-2020-25238,0,0,27530508ed6a447eedfb9642292068b1cde0cf09f43e66c8440e5adda7afc3a1,2022-10-21T18:21:51.103000
CVE-2020-25239,0,0,53df4326b5619d106649d5cd50e8bdeac62d3fd91dc0cbf99dcd430f16fe481a,2021-03-18T18:28:29.047000
@ -203223,9 +203223,9 @@ CVE-2022-36358,0,0,d8ab954732651093cb3ddf83b9d4f42bd676d689c1b0a8e7f12efc730d47f
CVE-2022-36359,0,0,cb59ce0a1c10a8b366e24bb22c2634854382cda0af52bd35f65d6f2a075f85f5,2023-11-07T03:49:36.670000
CVE-2022-3636,0,0,75def10d60d16bfb23d7c718385ffde793518980bc9e421807aeed368708b292,2023-11-07T03:51:33.507000
CVE-2022-36360,0,0,3a982649b709c80e5c0ecf462b67c3cb8e32cf61f278c7330a7537ab517de962,2023-07-21T20:06:03.153000
CVE-2022-36361,0,0,fe71c074feb6d7f07bda80794679a9240445cc9448c17959a6672a34bcebffc1,2023-12-12T12:15:09.510000
CVE-2022-36362,0,0,24b63e6b795cd497e518ddd1eba3591eec89da60ede18812fde4a33a8a5e6d04,2023-12-12T12:15:09.630000
CVE-2022-36363,0,0,6f7780d8f676b64b5c3a8d709207fd8d5b561ca71013578893ea2c11134327cf,2023-12-12T12:15:09.740000
CVE-2022-36361,0,1,30db183bf570f4df7aa5f3f073a7a9c3769da15bca80894dfc43ffc7b13bcbf7,2024-09-10T10:15:03.930000
CVE-2022-36362,0,1,1103eb4bc71fc4be90ea02d583825c3b3ae2dcc74c56c41563d9536a9fd87449,2024-09-10T10:15:04.130000
CVE-2022-36363,0,1,a78b894b4055654277f23131fc9f3afeaa75366b708d5e010f43fef96049bff0,2024-09-10T10:15:04.293000
CVE-2022-36364,0,0,738cd4acef905c428d04eb94247dcf9d6abd767f5a3dcc49e386ec9b30cce505,2022-08-03T19:36:48.113000
CVE-2022-36365,0,0,b808a7363f78b14f06a56cc19ea136df22e3d54cb59b56676f130ce4a39e706a,2022-09-23T16:53:26.720000
CVE-2022-36367,0,0,eca17243390812d2915ec3ee525429ffb7a0d8f8b9dcdce68305eeb460fbb632,2022-11-17T14:43:38.567000
@ -208105,7 +208105,7 @@ CVE-2022-42780,0,0,53eb703be38376e44aaeb153f94985d6f1a6510ad3a96114dc31d6afcc9fd
CVE-2022-42781,0,0,c04425e12ff546c681a8c65a496c4e635548e9e2fa1f90bbe6cd89b94933deec,2023-11-07T03:53:34.130000
CVE-2022-42782,0,0,7a98176714758091a77b2a02b83aa6b4e0c1cefdd4c694246854a9a3ab6f2037,2023-11-07T03:53:34.357000
CVE-2022-42783,0,0,ca0f3dd087b43778e9def7835111245fe125e662e934c5215939041d08f4a519,2023-02-22T16:01:51.523000
CVE-2022-42784,0,0,257372732c905188945972d5a8b3abc6c12f2650eecb32d258d86505168ea4b2,2023-12-18T14:51:14.167000
CVE-2022-42784,0,1,33a28cf7967e0d02fee0ece1ef112b3b9e5f2ccf8904b0e977dda615e513346c,2024-09-10T10:15:04.440000
CVE-2022-42785,0,0,a26dbab9ede7e28da7bbed0a0f10438f9a5f0b3516204e4871ea26a05da3813d,2022-11-21T16:20:44.763000
CVE-2022-42786,0,0,b5ff77f8c778764805711c20d80022bcf716bdc88b3cc1eb0a2765a4d96bd2c2,2023-01-20T14:53:21.557000
CVE-2022-42787,0,0,a585356117b67087487774a0a1f58b0992cdcb84af9e666ffd6499f748413724,2022-12-02T22:48:52.793000
@ -208875,7 +208875,7 @@ CVE-2022-43710,0,0,8252021b200bf69a0879f2153da2a55121d0a089867a62fedaecf3856e956
CVE-2022-43711,0,0,75fdb24330479eec6752c493ca1c0dcce71aeb60bb9f4a3ec519941a11409ccf,2023-08-04T15:37:18.857000
CVE-2022-43712,0,0,1f3633e27afb31c08675af9ad75e88d9090a100378c1dd0bb148e9db326b39a8,2023-08-04T19:39:49.167000
CVE-2022-43713,0,0,3b09413887004099df215f7892a533fc48188411143c782898fe9f5c50a6c722,2023-08-04T15:49:03.637000
CVE-2022-43716,0,0,194aefc3ba614e0eada7a8943ed6e6362818adfd7b305b82cd5fa89323b290a9,2024-06-11T09:15:11.587000
CVE-2022-43716,0,1,bfbdcdd5188bd491bf22c9469dee5c2bb33e93ce8bec29584e0419dcaf894f74,2024-09-10T10:15:04.627000
CVE-2022-43717,0,0,29a13eb1c3f929491bd4890a5cb91a25d48a2fac30e9970c5e3fca2bfdb8dc2a,2023-11-07T03:54:02.080000
CVE-2022-43718,0,0,51b91014b37759fc7d6f30b773c9245370da36aee436ce0fdb04abfef0b7be6d,2023-11-07T03:54:02.147000
CVE-2022-43719,0,0,9da90bb4a2392e204bd77bf5d850869c967f8868f874775c7eb15f6046044bbe,2023-11-07T03:54:02.217000
@ -208910,8 +208910,8 @@ CVE-2022-43763,0,0,5a89e9f45eca27bce0aa45ce577a620669ed5e3ebab8b84f8dcf7a19ae004
CVE-2022-43764,0,0,716b8b424507a69b00e70c4405a7965a2425612c9c2407ffa58e57b9f6aff0c4,2023-11-07T03:54:03.047000
CVE-2022-43765,0,0,44ee1e3446597470fdbd000b472754c793e58c2bd9cb62ee518505ee0e553772,2023-11-07T03:54:03.167000
CVE-2022-43766,0,0,7252af6f9dfbacf46c1176ccbcb8e24bb25544d5bd255322669bae6a2f5c9dc8,2022-10-28T17:43:04.957000
CVE-2022-43767,0,0,bf9a755499df7bda22423a64066b3810646672b3b1ac450108310bcc7acf3d71,2024-06-11T09:15:11.907000
CVE-2022-43768,0,0,b65afcf4e337a313fa2368e5f699d022fc8e0570a887e8d4f7cb589f99280eda,2024-06-11T09:15:12.230000
CVE-2022-43767,0,1,f89060ed3e2366e8a6cf037030edd43c9251c3afc7ec90ad6a32c92ab3e75370,2024-09-10T10:15:04.850000
CVE-2022-43768,0,1,edf5407d74d6f667a1bf44cc04eaff97fb1e3cd8f57f4513fb3a96858688e127,2024-09-10T10:15:05.020000
CVE-2022-43769,0,0,6193bf39ab361d0d09d7541bb9113ad8e91c1d98e87b991062831326c40ac0d3,2023-05-11T18:15:10.847000
CVE-2022-4377,0,0,890e2040f72a4793bbfca8d95172ab2b0885f1d3967676a282f264523ced7af8,2023-11-07T03:57:41.830000
CVE-2022-43770,0,0,144b5857412284c6bb62958984410e66a6e2a0698a54d1121d842982e14b87cb,2023-04-20T19:47:28.430000
@ -210444,7 +210444,7 @@ CVE-2022-46140,0,0,0712d38e67b0ea79032215b4bf74ff40ac887fbb82d84f667826d6e174499
CVE-2022-46141,0,0,7e8b1bd776ac3ead1331d8517aad43a677ddf61c6250b76e8d2fe91ca8d647d2,2023-12-15T15:25:08.557000
CVE-2022-46142,0,0,20adf9da98863cb88194bbb7f513fc1ee61c018019bc165f3c2b2a49e9c660b3,2023-03-14T10:15:24.137000
CVE-2022-46143,0,0,b2840c246c8f5cf8b044875496df1888552d6b323ee32c20f66a96f8ea7c1783,2024-08-13T08:15:05.483000
CVE-2022-46144,0,0,9f4d0a1d99f33ccf042d56c5770f1a63b93ead0d06152f6e232560517cd2ac5f,2024-06-11T09:15:12.590000
CVE-2022-46144,0,1,f0cb206abfd1713c9d15874f8a187c90bf91ee61d36d8855b4d787172a597b98,2024-09-10T10:15:05.170000
CVE-2022-46145,0,0,6bbab686c5e58e3eba776c5bf03bc3a160f730f487ff34eb9da030dbc8db223a,2023-06-23T17:54:04.830000
CVE-2022-46146,0,0,7165ae3c480087b46becbb3e46119b1ead04bccea1432ff5ddbe81728aa47431,2024-01-12T12:15:45.110000
CVE-2022-46147,0,0,56f24172f7c3cf20b7a142bf8790b5e83ee4e62a116dd5e78d372e9ff400d70c,2022-12-01T23:07:20.930000
@ -219706,7 +219706,7 @@ CVE-2023-26302,0,0,9a411354ae785ac90c36e058d2706fcf6cec1b10c12fed5812806e7295361
CVE-2023-26303,0,0,ce47480aa075712e3659ab1c5924fc205dec74cc6828501a996bc50bb5d49cde,2023-11-07T04:09:33.770000
CVE-2023-26309,0,0,51a32b329b4801b32eae26ca15a2553be487b677f14eb5b727a941ec0f24a709,2023-08-15T19:13:03.507000
CVE-2023-2631,0,0,4bd445bd2bec8da6a2695046ad2eabb2eb9ea9d2f819ee1d12353b574204d941,2023-05-25T16:11:45.930000
CVE-2023-26310,0,1,8caef82d89ac2db356eefe478a7bd65a3188f13eb8463cf0512126cb835b0eb9,2024-09-10T08:15:01.923000
CVE-2023-26310,0,0,8caef82d89ac2db356eefe478a7bd65a3188f13eb8463cf0512126cb835b0eb9,2024-09-10T08:15:01.923000
CVE-2023-26311,0,0,a53302d4b1bc0fe51715261bd00ff42e22fc0ce6f61dd99c4e9bea1fdf7a9e70,2023-08-15T18:59:47.580000
CVE-2023-26314,0,0,6effb9b6980e0bc6f3ed2f4a9c1dd25114a29ad0ef15b8bc6dd364afeaa586ec,2023-03-02T20:03:30.170000
CVE-2023-26315,0,0,7e3ab4d47f5232ab5703d804bcec5bfd7f9220cde67501bbc57773ca3ee6bedd,2024-09-06T22:25:54.637000
@ -221780,6 +221780,7 @@ CVE-2023-28821,0,0,4b09838e4d4a8a2917bcf5cdf5f612433b074dcb7548d0d3a766e80a60b71
CVE-2023-28823,0,0,87894b474b71bc3e46b9c394031dd0006588b5abb19d7f1ecdad5a5928c0beff,2023-11-07T04:10:54.510000
CVE-2023-28824,0,0,6217e10c10df3a710e40602c4b5f6e2e19457c4fb3b380905849d51ad7a71391,2023-06-08T13:47:32.470000
CVE-2023-28826,0,0,72ba642b7be16a1b258eb748f3c254740948996853f940079d44c2390c589230,2024-03-13T23:15:45.693000
CVE-2023-28827,1,1,c86c31b3646c9aaadfb8337ea7c102d5ef12babec1e9c55c013b42596628f90b,2024-09-10T10:15:05.347000
CVE-2023-28828,0,0,7c01788f5690e47da77e68839cb118243068e2077bb180cffc0de77a5125e0bc,2023-05-09T13:15:17.273000
CVE-2023-28829,0,0,4b5cff9cda965725817b3e2e0f35976766e508ef08936a9897600a6795af5299,2023-07-05T17:36:45.750000
CVE-2023-2883,0,0,ab9ed73cbe69a88b6f18d08ae8534916fdeccc2f5c106eb1ff09b4e5989738f8,2023-05-31T22:45:30.307000
@ -222082,6 +222083,7 @@ CVE-2023-29186,0,0,ca337c32ecd54aaa6a20ec16dcbb51606fb6bbc389b9588c61c48b5ef3e48
CVE-2023-29187,0,0,37cbc4fc5b69bdaf8977690c2054b7318ae9c92be87dc71d8fffa14a4c6fa4d2,2023-04-26T18:44:56.017000
CVE-2023-29188,0,0,c8d6b342b1f470e012069a59253d87a9442371c20c6a02a2d8c5e75f8e5eb9c6,2023-05-12T20:38:28.087000
CVE-2023-29189,0,0,5c4829e9fc65a8a0b7677e115bc730c39c808943db2b53817e35dac9785369ee,2023-04-18T19:12:51.917000
CVE-2023-2919,1,1,708d0ac809daadaee772b8d13497e2b97f428f147af71866a03ac102ad19f97d,2024-09-10T10:15:05.710000
CVE-2023-29192,0,0,73670fa84f26434b779f2c20e3669fdb19858c7fa2bf5bf6a721c3b4f9d813e7,2023-04-14T18:44:16.613000
CVE-2023-29193,0,0,6543396042e55a615e10b4819b5e1667d84c8522046ba09dfe814b3173c02517,2023-04-24T16:22:01.430000
CVE-2023-29194,0,0,1310b1d37e385d5ecd34739249a58dc353236e51fef4f2f920700bb6fccfa3ce,2023-04-25T14:33:00.543000
@ -223163,6 +223165,8 @@ CVE-2023-30751,0,0,ae585a47db8a0602ef91743e13477f6236e5e01cada54890879cfcffb4e05
CVE-2023-30752,0,0,935f7908189bd82539e41a2d86f8ebb2a263a876dda7e975f2a2fdba167b8ce6,2023-08-18T18:32:55.423000
CVE-2023-30753,0,0,0d0c2545d7d29d64dd2e70bb8b3d2a933e4c99689927dfa0f64a67ee4a45ee8d,2023-06-16T03:54:31.040000
CVE-2023-30754,0,0,579004194887953c85b1a9666a3045cdf4105f26b24ce5699a1033d5b90f0ded,2023-12-29T18:02:41.543000
CVE-2023-30755,1,1,f1e486208bd123cc32e903c003178da96d388d8594f63f1ec665bb1754c99793,2024-09-10T10:15:05.940000
CVE-2023-30756,1,1,c193c30cc5263a335b1d7e3aef2e6ba84d35d0ce7e2e04ac4430656582ce23c7,2024-09-10T10:15:06.197000
CVE-2023-30757,0,0,cff556189dd9382efd68fbcfab505f5642dfa6d74057f5975422bc45636e64b1,2023-12-12T10:15:09.900000
CVE-2023-30758,0,0,eac657fe1eec4de76cf32cf68bed951e739823521119936a2e7bd3651d4c2b3d,2023-06-07T12:57:12.083000
CVE-2023-30759,0,0,c79c26a74dc1361d051573d8f2f37b5ac0b7264a94b4d0636fc9dfbc866e044d,2023-06-27T18:36:55.627000
@ -230632,7 +230636,7 @@ CVE-2023-40544,0,0,0fc1193e5ecc7ee9670646c9d9c81e4c5888861b329951f2d39dd20b0e6ed
CVE-2023-40545,0,0,4532249010b6a6004e21372516818bfffe3ad51f3d0730df682026d0392eb917,2024-02-13T21:08:23.400000
CVE-2023-40546,0,0,840c430022137117c69e42a7f85a3f99312bf3dfec8a88942e88061a03dc1303,2024-06-10T18:15:21.780000
CVE-2023-40547,0,0,9b90cf122878fddc15a84f80df6440afc6de66065e1022a164147da635a691b2,2024-06-10T18:15:22.260000
CVE-2023-40548,0,1,388901dd40da5783ea3c49f521444e960caaba391cdaa3a84d6d27afa58d0c8e,2024-09-10T08:15:02.147000
CVE-2023-40548,0,0,388901dd40da5783ea3c49f521444e960caaba391cdaa3a84d6d27afa58d0c8e,2024-09-10T08:15:02.147000
CVE-2023-40549,0,0,17a610c3a9d3095b0cee8a99f3d7863e83f494a96b51878da371261149b72c32,2024-06-10T18:15:22.643000
CVE-2023-4055,0,0,c84104f0c8ec282dfd40a04ff729cf2844caf560f3c96dbbf5c3172d6bb6b24f,2023-08-09T21:15:11.820000
CVE-2023-40550,0,0,a235f3871948c55fedc627d33971852268ff5ba363a67d042b3fb445b9b832f0,2024-06-10T18:15:22.887000
@ -233347,9 +233351,9 @@ CVE-2023-44311,0,0,9f636032c75ac4719bb65806f83757bdf9682aff3f1b2894f2cbe3ab5b109
CVE-2023-44312,0,0,b55f0bed5b32fb9a10fa80dd795e2a2db26a169b62814fff44ce562370ac3d2a,2024-02-08T17:08:11.110000
CVE-2023-44313,0,0,788473dd20e15d46c26fea0a15a6b80abab92e76b77692224f7f5c1f6f19eb2b,2024-02-08T17:13:28.083000
CVE-2023-44315,0,0,989ee8dd510367f8ebba5e7cf28e331f132b578d9ff891d305f14cbf78005dc7,2024-07-09T12:15:09.857000
CVE-2023-44317,0,0,5b40f3b137944ee7309810dc95cd6d4561ca4a6369ab8f1b610de660d4d5af0a,2024-08-13T08:15:06.607000
CVE-2023-44317,0,1,ee2e8b1c28eed6b3915ac65b674c2d0d5a2591789cfb34a5758f99fbe43d9872,2024-09-10T10:15:06.443000
CVE-2023-44318,0,0,341d3d7b5d255dfa45a58efd8e36917c2d894512ced069601d4078d3de342de5,2024-06-11T09:15:14.333000
CVE-2023-44319,0,0,f1034bb4c3cfa156461340b46c9ac77771e8f34bb839833cb765da35f2c64cf9,2024-08-13T08:15:07.073000
CVE-2023-44319,0,1,5d4b8970a859dfa26cb608fe212352ad8d4891c21cef2a6c2c553b881c9e8bcd,2024-09-10T10:15:07.013000
CVE-2023-4432,0,0,51ff4ba9dfac44079fda611bd0d9b919e7063984434f59354de6e0beba3ce6e3,2023-08-23T16:58:29.763000
CVE-2023-44320,0,0,6344f9126342aa35fddb910bc60595b9532030a76bd0ffdb7a12da43fa45332e,2024-08-13T08:15:07.287000
CVE-2023-44321,0,0,4d96c3edcd86c04f8abee4e92403b97d81a1c6794e81f7b6e407b7f611741095,2024-08-13T08:15:07.533000
@ -233402,8 +233406,8 @@ CVE-2023-44367,0,0,b2fa876e2c5c15f1395c9e41b01f1feb1719988292d1815b87ad4714f259d
CVE-2023-4437,0,0,df0a9da3302d6af0df861f09577d9469303f893542a9e5ce64396ce50e5aa37d,2024-05-17T02:31:33.640000
CVE-2023-44371,0,0,bcac815259e9d0d227b6d57ce65befcbec474b70d67e89fe586add9b777aa421,2023-11-22T16:58:39.573000
CVE-2023-44372,0,0,eb6ed7074e4d7482b32cad1947a98bab6eedf35acd3f76700b52a63bd165fe2b,2024-02-23T19:15:08.467000
CVE-2023-44373,0,0,679e0f962cd10fe14e819ad59b51216c7708bba227ed36e648b8743542ab3d31,2024-08-13T08:15:08.033000
CVE-2023-44374,0,0,b430949d488bb1a5130f412c5e0ae44503ab5e89484424fe561aaa673c3bb077,2024-08-13T08:15:08.297000
CVE-2023-44373,0,1,d180606b87016919fa66d252dedf46e02f453a642c9b127425dbc798df8de2d4,2024-09-10T10:15:07.217000
CVE-2023-44374,0,1,9331960c4609d13c51bde1fc59dab85ec9b31d0071aeac24997812b99d1133f6,2024-09-10T10:15:07.467000
CVE-2023-44375,0,0,48b5cc51553000a2cfa67cea7f8a951d3659b6e093f2df35e76499db8afb9eef,2024-01-02T19:15:10.480000
CVE-2023-44376,0,0,03f27121c4f8ffca1841f5abcc6f000d7525e270077c8b212bbafd4e41d1bb9e,2024-01-02T19:15:10.550000
CVE-2023-44377,0,0,960eac8de781cbaac5ac605f1641529954ab7d1adeca62e37948b52710054780,2024-01-02T19:15:10.630000
@ -234592,12 +234596,12 @@ CVE-2023-46277,0,0,a6fa4dbc780bfb3b6a6202bb0e83283f9b99e7e1a7b8f1ed53b4a92f0140d
CVE-2023-46278,0,0,283a5f4d3b1f995039a2ae4f0ff4efe94da460721819375532b8f8104a5b1ff6,2023-11-08T23:22:08.177000
CVE-2023-46279,0,0,cad5cbf92c67be5e79c0f7d5a9fbe732104c543f1cf9a464893a67bc498495cf,2023-12-19T17:40:49.427000
CVE-2023-4628,0,0,9dd80f318e00bb6d35ea5e4f6175e104ad476846cbe758532913d6d17d532560,2024-03-12T12:40:13.500000
CVE-2023-46280,0,0,cca9a4196b97bf87f929801fc57b778ce5bfa52e126f588c4e6fc746ec0bcff9,2024-08-13T08:15:08.500000
CVE-2023-46281,0,0,9678d340eb8e8c3621a2295da0b683b5e535db74f413ed14e49bcf7e35065612,2024-08-13T08:15:08.660000
CVE-2023-46282,0,0,714753b6e8e7ef185c481709b11ed97b39e6fe8519123ef990d1a58187414101,2024-08-13T08:15:08.813000
CVE-2023-46283,0,0,bab6b2fd315ce2915b2ec49714854fb8bb67b39c2fc95b271f118cc3bddfba55,2024-08-13T08:15:08.950000
CVE-2023-46284,0,0,ade280cffed44a7b9421e4fbda9724a436bd200e40758e77ae5e4208b337c9fc,2024-08-13T08:15:09.073000
CVE-2023-46285,0,0,d188afff2af593d8f56e8e14ecfe1ee22fbe460fb35b399bc88e5907a79028e3,2024-08-13T08:15:09.193000
CVE-2023-46280,0,1,6c4ae465a1a29eb48d8c66a506b7f4dad5a6f2dc11c8a39d8c97bb7101790bfe,2024-09-10T10:15:07.977000
CVE-2023-46281,0,1,1e926556c2b0c2764b09b15d3e0f670867c2e23c1e27f3d771db237b5074466b,2024-09-10T10:15:08.120000
CVE-2023-46282,0,1,e0658985a81f649ad95060ef0b8bfcae0fbe476d89f85755890e814337bcc7ab,2024-09-10T10:15:08.240000
CVE-2023-46283,0,1,615dd1fc03d6e85ef09325d26ea8f1c698be99786bde20fb8bd0f45a029cf2d9,2024-09-10T10:15:08.353000
CVE-2023-46284,0,1,a2e91682c3e6b5d3f42eb474c6f7070bd0c24032987fe78825aef832105252c9,2024-09-10T10:15:08.467000
CVE-2023-46285,0,1,589c73dbf1b1b0d4f93cf2fa1fcc3d65fe2d268f13d974e4bce39dcb7c289fb7,2024-09-10T10:15:08.577000
CVE-2023-46287,0,0,85a909e3e554790149fd7a7bdc6ee45250511abf7ba5aad16e27d821e125bedd,2023-10-26T17:05:56.627000
CVE-2023-46288,0,0,4e7c3d0f2a47c2cdb963e20693070bcb74b570c31f4c02925a81ed68bcc5f5b3,2024-05-01T18:15:10.563000
CVE-2023-46289,0,0,b718fe11c7d9982447dba29076a54dbfa45cb0ef9825d49911b46533095026f6,2023-11-07T18:18:35.950000
@ -236026,8 +236030,8 @@ CVE-2023-4836,0,0,08652eb22d8d820537a32135d6cdb0072945ba41f47c5813b91b860f7c20fc
CVE-2023-48360,0,0,1cee215649e2f3611e49749f15a579a397dce0eab526eaa9428c04eb47a107d3,2024-09-09T12:21:53.383000
CVE-2023-48361,0,0,701aa49f3b16a164b735a81d4d623a8ffd5c026193f7af621d2581e771bce02f,2024-08-14T17:49:14.177000
CVE-2023-48362,0,0,c60460a7ec9b197cf25724f18c64e4d49372388ed86257e4c3dca619d16fe550,2024-08-01T13:45:08.180000
CVE-2023-48363,0,0,2bfc4ec5e7e25cb483b369af5958deb5dd28dd7cd426eb9cf32d0a8e81c4f250,2024-07-09T12:15:10.147000
CVE-2023-48364,0,0,b82391d36b810ac4492568e964e6ec98f18ee88a09432c62aa0865e4a71170e3,2024-07-09T12:15:10.277000
CVE-2023-48363,0,1,e5d71fc714d1da3860c45ceea3eeea87169be822bb46ccc4c851c505f43c2f2c,2024-09-10T10:15:08.697000
CVE-2023-48364,0,1,bf2474718bb5ba81860d0c76c545ed4b95896a92b9ac09d4f170ce62c95a1037,2024-09-10T10:15:08.833000
CVE-2023-48365,0,0,08ac0336d1b7c8130bf42658d4f4f8599137b51618c91dfe4765b7deedb1fc3a,2023-11-29T20:43:54.133000
CVE-2023-48368,0,0,14fc972e365681825e25968bdbe284b3728808e51453cd80c5c505a8e3ca41c3,2024-07-03T01:42:20.450000
CVE-2023-48369,0,0,fb4821cbffd4fdd6238c01ffc944749b9b86986102171f62f2538d2be65e0aa3,2023-12-01T21:37:48.153000
@ -236602,6 +236606,7 @@ CVE-2023-49060,0,0,0f125d0d07dbe270a6f07b57aa641d1848f31c22fb855ca4bf11b4d5b4ef2
CVE-2023-49061,0,0,dc7136ec78ed5cf0b1889d9e499076dc7861b57a74e858b10a634425002df41f,2023-11-28T19:45:33.650000
CVE-2023-49062,0,0,1d72476c88fb45368b58247aec1688b0093de275b1093249720b62193de89ed0,2023-12-04T19:46:20.953000
CVE-2023-49068,0,0,182c6949abe2a827480e4301e5ed188cb126ad03424cd6905a2140b6a730140b,2023-12-01T13:53:23.050000
CVE-2023-49069,1,1,cb0d50196d08019488e81ad83086406a5e9961b0510337f5888d43b9d0f5ffb4,2024-09-10T10:15:08.947000
CVE-2023-4907,0,0,ee7fec7a11df58ff005b9b63ad49a50bb70f5f4e575258375cd0f49a03cc2ad7,2024-01-31T17:15:17.750000
CVE-2023-49070,0,0,631766166232ba486ccd48cb00f4afe564eec8aa0b473067715b1f04d1a8cd4e,2023-12-29T18:15:39.103000
CVE-2023-49073,0,0,2a69c4407ae45adf60baf11d8aa993141dc3f78b1f8dc71c70987fff6214c4d6,2024-07-11T16:00:30.427000
@ -243995,7 +244000,7 @@ CVE-2024-2148,0,0,bc86f9f844f478ac76d45c3a67c4caddad88592d7d22e93df6505352bf9f12
CVE-2024-21480,0,0,19c0e295b8ed14a7e374e89037665afa7ec9fbf156e97e3ce4bcce5f12a8ad4e,2024-05-06T16:00:59.253000
CVE-2024-21481,0,0,968847949c8fa2e94c498cfe8af11075bb292eae36dafee0fb1ffcb1d3a84e87,2024-08-06T16:30:24.547000
CVE-2024-21482,0,0,a1338b6f330d2eb5d0f4ebfab8716243966b7865599de7ef86fae57578a2170f,2024-07-02T17:51:45.687000
CVE-2024-21483,0,0,c2d59ca54cca051cbcfef37eb0993cbdadb5979a7e9bdfb4a29df8a50b0b4b2e,2024-03-12T12:40:13.500000
CVE-2024-21483,0,1,ddfb5ce914fa1ff56560fa86379b92a602e5ea04b740e3571ddfa8961d66603e,2024-09-10T10:15:09.173000
CVE-2024-21484,0,0,170e730118f02f10a6e5229db7c5eef4d192db3745e0e44dbc53ab2277157f67,2024-03-06T14:15:47.533000
CVE-2024-21485,0,0,5dac3ea1a637c42101b33e62955da26f7c5ea3ebfcf697d6c5d1918b66c865e0,2024-03-06T14:15:47.760000
CVE-2024-21488,0,0,83c39f70c0498b72911f550d6611f69059c8c9cdf3b0f0904578cd793bad095a,2024-02-08T13:15:09.700000
@ -250182,7 +250187,7 @@ CVE-2024-30311,0,0,9aaaf7a631f27c18ba0d6e026b9e5bc097be151497f5f87035ce25407b016
CVE-2024-30312,0,0,f08a9328fc0df8fc97205027f081abf4a30dc22420a8570eec8a2d548e77aee7,2024-06-10T18:15:30.880000
CVE-2024-30314,0,0,001958112e812873f2afe024af602bc1e18aaeafca421eccd7dc6e99cd4f7d19,2024-05-22T08:15:09.777000
CVE-2024-3032,0,0,3ff0e9ee56a036f5520ddd218b15f57f43b4ef20b5bd57e06a8e81c2e3d08ed1,2024-07-02T14:45:48.633000
CVE-2024-30321,0,0,e28918f0fbb9c513516989ee55311595444221fa48735e375df29436a14b17f0,2024-07-09T18:19:14.047000
CVE-2024-30321,0,1,7f3ad8f15ea25c028515e92f7e64b7c61690659d20b0d6499853c9a9a530a6f4,2024-09-10T10:15:09.340000
CVE-2024-30322,0,0,f4e26e42e44429b86d19dca1655fc9b0e6d4cf366473cd59d34a3fd4371a1053,2024-04-03T17:24:18.150000
CVE-2024-30323,0,0,d6d47200d4c92fd98c85bfb81a96ff4ecd5c84bf8181d1e9578fd9917f267b5b,2024-04-03T17:24:18.150000
CVE-2024-30324,0,0,2ba1ad1289d8b66663b4964e19479732233e6bad3226f2e9625162b9429d0e05,2024-04-03T17:24:18.150000
@ -251337,6 +251342,7 @@ CVE-2024-32002,0,0,8b152fa71cb7888d307cedcb6036ff42410fe299ac886c8397e8f14b70468
CVE-2024-32003,0,0,31311e12a1795761553a56c6af2bf7b204ba79f18fac5a0250a8b13fef254e1b,2024-04-15T13:15:31.997000
CVE-2024-32004,0,0,46c6e95c184179de4512a1da85cf6fbcce6fe2ac4189ff7da433e0234267bb88,2024-06-26T10:15:12.050000
CVE-2024-32005,0,0,d156f3f94a9502713f64771d89d9d58b72987fd70cae51625e32aa2c9e6ee96e,2024-04-15T13:15:31.997000
CVE-2024-32006,1,1,40645957df859341ac7a1b8dd6a47ead5cbbb92fd343785d7ee984a78528f667,2024-09-10T10:15:09.473000
CVE-2024-32007,0,0,dac6e800b17b27260fecd9bce96903f007f5eec2446ab0ae841fc54dc30923d0,2024-08-01T13:51:19.560000
CVE-2024-3201,0,0,9d746fb1c422de83f85c51388b2057631f70f2332b71bf082d5fbeff58a4ab1e,2024-05-24T01:15:30.977000
CVE-2024-32017,0,0,4171151be280ba186c662a4712cd0108f86c659cb0491f443a14bc31a4f95a77,2024-06-10T18:15:31.880000
@ -252526,6 +252532,7 @@ CVE-2024-33694,0,0,26d440cb75dcd86544ffadb69d95d3097f1e6a23ac05fe9a05fb2494be46d
CVE-2024-33695,0,0,496bc8a3b6cc06e0f2cb2ff5ef3180780eefdd07d63e68d063cf97ba79dd8598,2024-04-26T15:32:22.523000
CVE-2024-33696,0,0,8adc0db7b8cce33b994e835fa3f282e25f1f4ef5644a2aed7cd50d800fe731e7,2024-04-26T15:32:22.523000
CVE-2024-33697,0,0,4a571113caa6ccf495d29be30608c42f9dddf9084d1562bed260e698c04aae88,2024-04-26T15:32:22.523000
CVE-2024-33698,1,1,fe10840169979ac8e4b21a64dc35673179fc99ec70d94036271f70a7e5de1830,2024-09-10T10:15:09.707000
CVE-2024-3371,0,0,d2e6ea20ce5eb692a4e48c27aedae40a56c8f7db204eed4d633cbd78a04f68c4,2024-04-26T15:15:49.357000
CVE-2024-3372,0,0,a196d1e45ccce196e4deb1ea2387c2fe4f6bf89b27a8a7cd4be5ebcd31c9a0db,2024-05-14T19:17:55.627000
CVE-2024-3374,0,0,3ebd1bd07a69ff470e060c4c065f62c59313c2dfc13f260402ece495f026b11b,2024-05-14T19:17:55.627000
@ -253912,6 +253919,7 @@ CVE-2024-35779,0,0,706445338be7aae5f251c8b956a0c3bf0868336274fe9963a1a9e43c59067
CVE-2024-35780,0,0,685b106b3d65ae1869c2c1c35a0354f69b2eb70c614d38b4e2c684c295e7d786,2024-06-20T12:44:01.637000
CVE-2024-35781,0,0,aa3ec547f8f8f306fe8ea0fb55240637cbf26b27603624da2638b54b69436759,2024-06-24T19:15:58.517000
CVE-2024-35782,0,0,dbc038df298fe5384dd87379cd2931409975f0d218f64474d4c9dcc1abcf8e97,2024-06-05T19:50:20.463000
CVE-2024-35783,1,1,4a561697eb20214f753c1885d36eaeac07676c033ce0721adf5f30c8eaeae8d8,2024-09-10T10:15:09.937000
CVE-2024-35784,0,0,5d7a60327e3aea236c6954addcecd342bc4303bf9f4ddbf6fdcb56f7d7e890e7,2024-05-17T18:35:35.070000
CVE-2024-35785,0,0,99251cf0758a83ae7f60c2f912cfb4919a76584c6054f38cf9392b41ad4b090a,2024-06-25T23:15:30.160000
CVE-2024-35786,0,0,e8af1ef6ccd4fa218271a6a20ff9f509feb225a9368ed4f0a4c142495813a3de,2024-05-17T18:35:35.070000
@ -255444,6 +255452,12 @@ CVE-2024-37987,0,0,f4bc331a9b09a336ebf69cac5128f3ddb41a4064b564c097fc6645464fecd
CVE-2024-37988,0,0,c86291a0f061c05259fe7a7336e8616b7d2b496dae2d1e3292124af3161a49e9,2024-07-12T19:01:50.753000
CVE-2024-37989,0,0,3b94113ccd1695e55c704a3f38d763d5ec54c44f354e4b1fe1efc7884dacd2de,2024-07-12T18:52:38.387000
CVE-2024-3799,0,0,099fb34e0ee28d9311fbf29cfaad6b5950bd5e198b1ff9c15d8b2a88d4538973,2024-07-12T10:15:02.353000
CVE-2024-37990,1,1,13021277601d9d014a4b4e59de181df78d85e36645bc227f3ee835cdc3af3d78,2024-09-10T10:15:10.227000
CVE-2024-37991,1,1,2218e92b9c1a570691b273d68597c6315e81e006050368bdb5741fdf54cd1367,2024-09-10T10:15:10.600000
CVE-2024-37992,1,1,97cb290f8179db96645274a8642d5284937910406a14b8275e75f23045e7dccd,2024-09-10T10:15:10.837000
CVE-2024-37993,1,1,1342914a1915d73321df03c28a5aeff7bb708f4db298f4553f9ba398b7d92871,2024-09-10T10:15:11.090000
CVE-2024-37994,1,1,e40a22030616a840260b7b353e31fb4cc65c31c0004bc1a38e78912c62dae7eb,2024-09-10T10:15:11.340000
CVE-2024-37995,1,1,f0761cd3da7ab428c8d5aa102f98f3fce06942f19fc6329e5d0c0e64754adb20,2024-09-10T10:15:11.570000
CVE-2024-37996,0,0,e39e1581961cad8f5d5dd910100078a11657ad2090cbed7264c9a8bad1310bf5,2024-07-09T18:19:14.047000
CVE-2024-37997,0,0,880ea769e8919f97f57b9878ce449ed40b5cbca31c8883be4629ac4f6a893243,2024-07-09T18:19:14.047000
CVE-2024-37998,0,0,f74f0aee21c1d0ed189b1b53893b54b9b769e53300f2261ee57ad9c992f023c0,2024-07-24T12:55:13.223000
@ -256379,7 +256393,7 @@ CVE-2024-3946,0,0,ab824b4f2a8403c27b100f5c3d6e7f8d9dd1c20c9aa138888e04631941f166
CVE-2024-39460,0,0,4f78962312c460642ba8951e77b013301d272c348dd713c542bd0b2b628a69cf,2024-06-27T12:47:19.847000
CVE-2024-39461,0,0,bf1816ecd185e36f42cd6844b143d10650e3a0c645cde3f5c825da5e93746f58,2024-09-03T18:12:22.633000
CVE-2024-39462,0,0,d6fa49df9f42ed202e5a3cc2f250dce01e83d58a2dd9514f13116e83ffa785aa,2024-07-03T02:05:49.283000
CVE-2024-39463,0,1,b111e474e0d807cd55b5d29d466c83ad5da734028ce381d3a32d3bdd2da7b401,2024-09-10T08:15:02.380000
CVE-2024-39463,0,0,b111e474e0d807cd55b5d29d466c83ad5da734028ce381d3a32d3bdd2da7b401,2024-09-10T08:15:02.380000
CVE-2024-39464,0,0,1645ce9c2dd695016de0c94e603fefd07a2e7caabc24d8ebfab3af1a26f6b184,2024-08-19T21:02:16.113000
CVE-2024-39465,0,0,b6ba07e557ee2621a86675b0febc6290289dae6bc23b121747f5f8e006230695,2024-08-19T21:04:27.467000
CVE-2024-39466,0,0,4ace459e94329b49137143c03c0ecc682c63ce5f8628b924663a1f0d72bdb734,2024-08-19T20:59:54.867000
@ -256486,15 +256500,15 @@ CVE-2024-3957,0,0,6be73190d0db646071e408d26fd6054938440e63fb695d16249857bd780649
CVE-2024-39570,0,0,795cf07324f2cb8c6a570190fa22ff6767cfc3ce2b0050380d11d95a41e2ca40,2024-09-06T21:20:26.347000
CVE-2024-39571,0,0,b35a4f00350faa538c88f4f6d224a7df8752eca1297d346f418e4963a4c09a43,2024-09-06T21:20:00.153000
CVE-2024-39573,0,0,66fc7feceb0e35a8b2e536fb0fe145ff47c70fa679791c05a2dafe67c9ad9e6e,2024-07-12T14:15:16.400000
CVE-2024-39574,1,1,1f09ac69c69c313f16da223b25dedecbbf2b43fda5187ce76ba05957abd70ef4,2024-09-10T09:15:02.290000
CVE-2024-39574,0,0,1f09ac69c69c313f16da223b25dedecbbf2b43fda5187ce76ba05957abd70ef4,2024-09-10T09:15:02.290000
CVE-2024-39576,0,0,b954c37b27403600557da0d261dd953de929a61b04f025c8697cd0d77090d715,2024-08-22T12:48:02.790000
CVE-2024-39578,0,0,c57c67d60ebbfbb439cb464fedeceb835967a7da09b4f182842457f0862047f9,2024-09-03T20:56:11.277000
CVE-2024-39579,0,0,3b10efac241247907da1969516918327fdf07736fefefce9e8f33c60526e18a1,2024-09-03T20:57:32.607000
CVE-2024-3958,0,0,d5a5e3b155f3063c251dfec6027d4759e62e1ec9e2382396e782467b23eef014,2024-08-29T15:50:33.257000
CVE-2024-39580,1,1,0667f2da3f1028a81376eb8803c26607e9ee30783cb13a19422bb1b71fbd83c9,2024-09-10T09:15:02.740000
CVE-2024-39581,1,1,08782645b0aedc19493e60348c1771c944bcd099d67c7ad17432fb6eec443cce,2024-09-10T09:15:02.993000
CVE-2024-39582,1,1,edd0909a5fd1f550cd8a12ecb1e1e3b73329cbc4e7e802cd284d25d21331b2fe,2024-09-10T09:15:03.243000
CVE-2024-39583,1,1,905a4f4d436415db14dbda84aedaeb6c04ea63ee86c134b9bb29ea38828e1d14,2024-09-10T09:15:03.513000
CVE-2024-39580,0,0,0667f2da3f1028a81376eb8803c26607e9ee30783cb13a19422bb1b71fbd83c9,2024-09-10T09:15:02.740000
CVE-2024-39581,0,0,08782645b0aedc19493e60348c1771c944bcd099d67c7ad17432fb6eec443cce,2024-09-10T09:15:02.993000
CVE-2024-39582,0,0,edd0909a5fd1f550cd8a12ecb1e1e3b73329cbc4e7e802cd284d25d21331b2fe,2024-09-10T09:15:03.243000
CVE-2024-39583,0,0,905a4f4d436415db14dbda84aedaeb6c04ea63ee86c134b9bb29ea38828e1d14,2024-09-10T09:15:03.513000
CVE-2024-39584,0,0,1d0a6aff0073f4836d9654764326ceeb368acd09f92344e463ab3214871c70e5,2024-08-28T12:57:27.610000
CVE-2024-39585,0,0,d477ac70d70122b93a30d70fba939fc56092d9a6275e57b99e3a0b2a412cd216,2024-09-06T12:08:04.550000
CVE-2024-3959,0,0,1ce1302f5c536ae0ba1596a30e53c3274b88d91eb780326b1103788329e8cf86,2024-06-28T13:21:52.223000
@ -257000,6 +257014,7 @@ CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f
CVE-2024-40743,0,0,4e2bb12b39654c0a7fc101446a81422e3ca7ab692f01d12e73f708088891a69c,2024-08-21T12:30:33.697000
CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000
CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000
CVE-2024-40754,1,1,d9122d582deda3976a798536b66d3042dfa2d64d4af28eae3c2ad828ac896495,2024-09-10T11:15:10.503000
CVE-2024-4076,0,0,3600a7160ba6cb63d73da78d982aeb737757fd1783e0b44697873d9ae49c2d36,2024-08-01T13:59:24.073000
CVE-2024-40764,0,0,ab85577e2cb5d9a786ef6b191ba8264da7952ad06ab8f1b0e070c99f55710d56,2024-08-01T13:58:00.227000
CVE-2024-40766,0,0,eff4b00cf0f55270aa38e0ff790e6ee6498c48000cd3eb1d26bf51c060a6a61b,2024-09-10T01:00:01.537000
@ -257336,6 +257351,8 @@ CVE-2024-41161,0,0,9b33361091df6923832caa53c78a9e46bbbedfd096d5512869c0f1eed0413
CVE-2024-41162,0,0,e54fc1a9823f936d00354799974ba06adb4cc451d56f48d5711fb6c0d45b612e,2024-09-04T17:03:53.010000
CVE-2024-41164,0,0,c5521af658e92e64cee6bd40535b27065e46248fed1bc5e43067dc57eef0c4d6,2024-08-19T18:39:06.157000
CVE-2024-4117,0,0,439d2da59fd01a25f254df6698027149837f261eb1a16ba5752d7e62667d1bfc,2024-06-04T19:20:30.043000
CVE-2024-41170,1,1,f88fad1bfb7ab467cb9762828646661e5f4c81025d5ca326b4c8cb28be35c291,2024-09-10T10:15:11.797000
CVE-2024-41171,1,1,2a7e7e5794c6216b8609a1e2026ba8733a7343071411fdc3edad825030bdfbed,2024-09-10T10:15:12
CVE-2024-41172,0,0,7f370211b6a2ed7e58844e8bf12bc0dae731f676537ceaaec3667e5da63dc1de,2024-08-07T20:16:45.237000
CVE-2024-41173,0,0,a32d0d9cca7b111b26d35b49c29c3c8130c1f7828fce2b3badc03095e7e93d7f,2024-08-27T13:01:37.913000
CVE-2024-41174,0,0,a822cde4328796519e509a3e4c690c9e9350782e4bad75b387a246a5f3be44f1,2024-08-27T13:01:37.913000
@ -258025,6 +258042,8 @@ CVE-2024-42340,0,0,708aac03ef44aeea471e9a045b752e905888f9d429c0c9806a766c67411a6
CVE-2024-42341,0,0,234d9ee0d2444d0f626546c3e75285abadcc74d0ab9516ab0f8349b21637c96a,2024-09-09T13:03:38.303000
CVE-2024-42342,0,0,54f316c3acda489d4f5402e147c2f368362071c79662dc92c6705a36381091a9,2024-09-09T13:03:38.303000
CVE-2024-42343,0,0,7ede109c28f5f3cebcd81363a812aca5202eed2bcb3b73c15fbe079b521efbdc,2024-09-09T13:03:38.303000
CVE-2024-42344,1,1,74b0ceb14495752548a37d882785bd9c2a673cb8f9b46c391c2c91f48edc54e2,2024-09-10T10:15:12.213000
CVE-2024-42345,1,1,14ebd8c3eb891f7f55414f1c20730864e6625a21e4287f5c3436e4814005c905,2024-09-10T10:15:12.433000
CVE-2024-42347,0,0,9d56c3d6f460e2251d08d50a3e874b7efeb364cadb050367418d1be0b31e15cb,2024-08-12T18:52:08.163000
CVE-2024-42348,0,0,9049ba06c12fadbe924de4e1d7650091813be7f3a3306b9434f7ebd8620eed32,2024-08-05T12:41:45.957000
CVE-2024-42349,0,0,7c83a1a3a31095b7c061367c56e1e2185d3951ede9de2f7c2b93de97074131bc,2024-08-05T12:41:45.957000
@ -258078,9 +258097,9 @@ CVE-2024-42412,0,0,7ea410a30890f641de68bc8b7a39cf35396bac17868b4fd498b764e1359ef
CVE-2024-42416,0,0,0c0ba6b9334c7e838b8d455f49871ca47f5d5630f34ccb39214f945ba545086b,2024-09-05T21:25:09.273000
CVE-2024-42418,0,0,1170a194d58fc93f3e0e1a535dff12de506530448528f0fff3eaea817d001f8b,2024-09-04T18:22:22.583000
CVE-2024-4242,0,0,9c58e9b9e77452c845f3c5179c3be4415982efd0430d3da14ab0345d444eccfb,2024-06-04T19:20:33.363000
CVE-2024-42424,1,1,1542a5e65ecd29409748683a90258404c9627c00dc2377d2137c6eaebbf58431,2024-09-10T08:15:02.487000
CVE-2024-42425,1,1,3bbec3a376634b494e8de462739c037fc1456d60ac24547ce7b2fbaf3e4cd2cf,2024-09-10T09:15:03.777000
CVE-2024-42427,1,1,67ae325a3a00ce58db4a5726b40d847b69639497fdfbe5f9581e529859999228,2024-09-10T08:15:02.760000
CVE-2024-42424,0,0,1542a5e65ecd29409748683a90258404c9627c00dc2377d2137c6eaebbf58431,2024-09-10T08:15:02.487000
CVE-2024-42425,0,0,3bbec3a376634b494e8de462739c037fc1456d60ac24547ce7b2fbaf3e4cd2cf,2024-09-10T09:15:03.777000
CVE-2024-42427,0,0,67ae325a3a00ce58db4a5726b40d847b69639497fdfbe5f9581e529859999228,2024-09-10T08:15:02.760000
CVE-2024-4243,0,0,d19512e4db8434daba47c490442c83df13ecbcadaf4fb9c501fe6a2c921256d5,2024-06-04T19:20:33.497000
CVE-2024-42434,0,0,e55ec0343b5bf13510bf079266ea96be4a27a72a2b479971039dc705ceccc43c,2024-09-04T21:35:50.963000
CVE-2024-42435,0,0,cb81ae05b6c53e011856448307845a07a836fbccf1f7098de171ed65bbb54190,2024-09-04T21:36:53.027000
@ -258603,16 +258622,16 @@ CVE-2024-43378,0,0,b201eb55fcf5e1b333e5fc1b76defa675188abfea665e05ed68f738cfa202
CVE-2024-43379,0,0,d3e4b3238a29f3c9bcdc737c17326972a39574f3fe6ee0181683ddcdcc0798d3,2024-08-21T12:37:22.800000
CVE-2024-43380,0,0,3bb4c505eaa2eb4e3ea37c153951df14b4a7ccb63e07a242ed00a1ab77df3585,2024-08-21T12:38:00.247000
CVE-2024-43381,0,0,cc3e0e73c6c6a5ab5687bfa997bff6ae33e38e4614aa8ff20ebd73e189ada3b7,2024-08-19T13:00:23.117000
CVE-2024-43385,1,1,ab52b84d437e742b30741a783662bb72075fbf60129df99e47996f7f17414be5,2024-09-10T09:15:04.150000
CVE-2024-43386,1,1,d236497afbecc572850bf7e81f23db824639a9d2869ad6160e0e5527b1add454,2024-09-10T09:15:04.400000
CVE-2024-43387,1,1,71bf4dbdda67fbc94d788f303656a1ed40cb35c0988b40f8038cf2ef3cc5d556,2024-09-10T09:15:04.690000
CVE-2024-43388,1,1,5b410bb57d9792639b4d39a6771eee31d043693e79277835544930466ada8103,2024-09-10T09:15:04.953000
CVE-2024-43389,1,1,e068524e6d52462b08c0d2fc80561415a7744c228e124cb70cbda5f6b0e820f6,2024-09-10T09:15:05.220000
CVE-2024-43385,0,0,ab52b84d437e742b30741a783662bb72075fbf60129df99e47996f7f17414be5,2024-09-10T09:15:04.150000
CVE-2024-43386,0,0,d236497afbecc572850bf7e81f23db824639a9d2869ad6160e0e5527b1add454,2024-09-10T09:15:04.400000
CVE-2024-43387,0,0,71bf4dbdda67fbc94d788f303656a1ed40cb35c0988b40f8038cf2ef3cc5d556,2024-09-10T09:15:04.690000
CVE-2024-43388,0,0,5b410bb57d9792639b4d39a6771eee31d043693e79277835544930466ada8103,2024-09-10T09:15:04.953000
CVE-2024-43389,0,0,e068524e6d52462b08c0d2fc80561415a7744c228e124cb70cbda5f6b0e820f6,2024-09-10T09:15:05.220000
CVE-2024-4339,0,0,240ed7230e0a6e458ae0cd6534f1dc024d6c16f3537e0357643e823e6aa09596,2024-05-14T16:11:39.510000
CVE-2024-43390,1,1,635e086e5895c62ccf4426d87214efb933b33d4a2a4c7d224482cc1bbade34e9,2024-09-10T09:15:05.537000
CVE-2024-43391,1,1,9d95e2d7a4b741ac4fbf7f450c7b61cabb4e32bb8868a6f429268d15a6fa81ed,2024-09-10T09:15:05.760000
CVE-2024-43392,1,1,5129800a843a5e65ea0d0c6661412ee7d2ebe2381f3c04dc69e78e77e67bbe47,2024-09-10T09:15:06.100000
CVE-2024-43393,1,1,5f82fe1692097a43858e120613a97e1a3edb31959b77bcb739f8db38aa1d37da,2024-09-10T09:15:06.367000
CVE-2024-43390,0,0,635e086e5895c62ccf4426d87214efb933b33d4a2a4c7d224482cc1bbade34e9,2024-09-10T09:15:05.537000
CVE-2024-43391,0,0,9d95e2d7a4b741ac4fbf7f450c7b61cabb4e32bb8868a6f429268d15a6fa81ed,2024-09-10T09:15:05.760000
CVE-2024-43392,0,0,5129800a843a5e65ea0d0c6661412ee7d2ebe2381f3c04dc69e78e77e67bbe47,2024-09-10T09:15:06.100000
CVE-2024-43393,0,0,5f82fe1692097a43858e120613a97e1a3edb31959b77bcb739f8db38aa1d37da,2024-09-10T09:15:06.367000
CVE-2024-43395,0,0,e2392bf6475b12db51f31adf2ecd9f40f62cf7ccf326ac732a93b8b209786a49,2024-08-19T13:00:23.117000
CVE-2024-43396,0,0,d3e4db1d56053a512790a84d8c3ae6e21035877ac8c09fe39077f7231484b09e,2024-09-03T18:19:33.167000
CVE-2024-43397,0,0,5caa94926889523c153ff1aaf47669fe6c71771da877710063b3b97c2bc5d0dc,2024-08-26T18:28:42.230000
@ -258662,6 +258681,7 @@ CVE-2024-4361,0,0,59805155c6666ce54d8263fcaceec5e0fc128f8100df5fb2e590f4610d5a88
CVE-2024-4362,0,0,16bcb3e7fd20cddcf2afd5e423805494786dbf969e82eb67d1ba08cf8ffd4c26,2024-05-22T12:46:53.887000
CVE-2024-4363,0,0,2c7c654c7422e9473b7010560ae2a1c2e3350cf44cdf9b6cc5ffb58dc4446aff,2024-05-15T16:40:19.330000
CVE-2024-4364,0,0,9332cb50f761fbdff3ec7a6ec045f13accb15b963b30845c4aa93399b834b7a1,2024-07-24T20:23:31.487000
CVE-2024-43647,1,1,a2fbbccb1a07d6b406ef81f3b36a7540699b05890f546a9d6a9e8b9e76b69010,2024-09-10T10:15:12.650000
CVE-2024-4365,0,0,63c2db9b70aba81bf4acd057c8457c31612ae1811b001c9773701935bfb8f554,2024-05-24T01:15:30.977000
CVE-2024-4366,0,0,bbfa79c99a69a6ab3a1454de708e5610ad18f6066e78d9171ac36b6f6e6eece9,2024-05-24T13:03:05.093000
CVE-2024-4367,0,0,53b2562feb1cef4dfbc75c878e502bbc54b7cf80f87613aa8d663f88e3c74ce6,2024-06-10T17:16:33.380000
@ -258684,6 +258704,7 @@ CVE-2024-43775,0,0,386009b272e00dd7e320eaa82eec20a93bfce64d4bcdb8a26930d34c6fe0d
CVE-2024-43776,0,0,27e4419e8ce01901c27e76cb21d9618c21e34d6a14d012499c61adf6cf980a12,2024-09-04T12:27:40.113000
CVE-2024-4378,0,0,09f9e04bae659373b82712486e7efa4baa3211e21ee904b68f572ef978953753,2024-05-24T01:15:30.977000
CVE-2024-43780,0,0,5217ce0351fcb75bd7982f01c3d436316e02e5a2bb3d0e7b3ad2fd10f4519787,2024-08-23T16:18:28.547000
CVE-2024-43781,1,1,7554dd3bc8f03e7ab38ca05dbd189f120640683861a491771174a8eb7ed4dbbe,2024-09-10T10:15:12.897000
CVE-2024-43782,0,0,ad31aa68786bd9fde8b1f273353ec992f123695e96de48dec8565f96d4b67b40,2024-08-23T16:18:28.547000
CVE-2024-43783,0,0,8724094a2b26e7a1ebe936c2fff47341ed92df1d54128430c04a1c17c54e5dea,2024-08-27T18:33:14.247000
CVE-2024-43785,0,0,865f9ddb4537abd892462a2be2c5b215baf0c6c5f01c60dc5f4805d59a23b528,2024-08-23T16:18:28.547000
@ -258799,7 +258820,7 @@ CVE-2024-43894,0,0,6de40558bad17c441448a7d840262bc0791f94ad7ca123ebcd8c1333244d5
CVE-2024-43895,0,0,13cc1d75b531dc2fa072bb66cd12a08c75638f9f6b96840f9b9c541de5dd04ae,2024-08-26T12:47:20.187000
CVE-2024-43896,0,0,9e528459b2e50d1f7ce6be809e552e51735f0b29caed43fdd44f11c615a94e16,2024-09-05T18:37:16.483000
CVE-2024-43897,0,0,2b25f81c1149d4543feb64d1945cd77374bca366086287d738b75eb1fb250919,2024-09-05T18:36:30.347000
CVE-2024-43898,0,1,b70a0322f8294223b16267a9061a592097cc320e64347a35bbaee6def942a528,2024-09-10T08:15:02.960000
CVE-2024-43898,0,0,b70a0322f8294223b16267a9061a592097cc320e64347a35bbaee6def942a528,2024-09-10T08:15:02.960000
CVE-2024-43899,0,0,1953a8ac8e9197ec884f1f7ed08130ca2ce11e7bc600d6d066b299186890c781,2024-08-27T14:38:19.740000
CVE-2024-4390,0,0,e7e7976abdd60c38776b1ca6e6489a541123a6d22aaefce9d02ee1d97e2bf9c9,2024-07-17T14:10:55.550000
CVE-2024-43900,0,0,4d8a1c377893c2bcc68b32981f4665a8b2876e47e79e3a70bf603165a8c8d4be,2024-08-27T14:38:32.967000
@ -258877,6 +258898,7 @@ CVE-2024-44076,0,0,d8ab474e3e0cd492e411ba495a07543359555360960989541af9d6ad1fd68
CVE-2024-44082,0,0,eca3489830dade6ed42141e32f34d30f3f0c158d92e0366e9686c819b89d9a20,2024-09-06T15:15:13.180000
CVE-2024-44083,0,0,0fbb97686726ee4d6be299ae185c5a7e6d7807c436d290993d1b41ed0119344c,2024-08-28T15:15:17.050000
CVE-2024-44085,0,0,ecf5951d52699c6f64ad8e35ca78bb63c6655b58c6934de27f2c5efa7e11f59b,2024-09-09T20:15:04.980000
CVE-2024-44087,1,1,a6429792255090244b31ff0e41380865a4b8d77269495e9b812f63081864ad5a,2024-09-10T10:15:13.140000
CVE-2024-4409,0,0,ef601ae22761768812ec6eb133885b7a6b08c5417903a944100f49b603e1172f,2024-05-24T13:03:11.993000
CVE-2024-4410,0,0,ca43b98286a78ab63b5139b50b93fc074ee9aec4c16e78097aa3514c43622322,2024-07-29T14:12:08.783000
CVE-2024-4411,0,0,9d1b27ccac7555d95c6be5f4488ca4d9772a0570efc26fe6a3f3d131fd0aea06,2024-05-14T16:11:39.510000
@ -259052,7 +259074,7 @@ CVE-2024-44940,0,0,6d3559648bdfa621b46434f9855de2178fa1de08defe3fd31c71176641a2c
CVE-2024-44941,0,0,20521e6b3375de1ef5f8d927ded27494829abd96af181743a86f9f68bd518b56,2024-08-26T12:47:20.187000
CVE-2024-44942,0,0,17b37362bd3ba24b1a5ce481b72105519e3d684fbcb26bdd0327529225c432f3,2024-08-27T16:09:10.010000
CVE-2024-44943,0,0,104222af5b39dfe0ecfd65133686fb7c357c749bea399e402eabbb685deeef38,2024-08-28T12:57:17.117000
CVE-2024-44944,0,1,e0ea7425a22b863e2537c36eca33f555e79ab9242c3477b220510c50a309c39f,2024-09-10T08:15:03.230000
CVE-2024-44944,0,0,e0ea7425a22b863e2537c36eca33f555e79ab9242c3477b220510c50a309c39f,2024-09-10T08:15:03.230000
CVE-2024-44945,0,0,a3745a898858327b7fbd2ec8b66c922f7135590f07273b0fe5d696fead01dfa7,2024-09-03T12:59:02.453000
CVE-2024-44946,0,0,baba486800f48daca091ce86b0b3099b94d8fc83c17e121f4572ead5091851fa,2024-09-04T12:15:05.150000
CVE-2024-44947,0,0,4b14bc0a3c1bd2fd38912b40c72c0f57fcdb205b9f9316a706babab2559c3eb1,2024-09-04T12:15:05.240000
@ -259126,6 +259148,7 @@ CVE-2024-45008,0,0,37dc0718d2dd8ba9fb7eca159ff733be9b954368896d4dc7e665604ee4c36
CVE-2024-4501,0,0,3baebe0a469dd4bf55eae5f370777b6e334d89a3883f98b03d03b2205353433a,2024-06-04T19:20:39.640000
CVE-2024-4502,0,0,f1f89a01c722d6ef2e85e855b85895e43fc279ff3a13e0257efd22aaa2b4c544,2024-06-04T19:20:39.747000
CVE-2024-4503,0,0,580a13ae85da881d7284f0e9b163135d237ab58a854d76134955e6cc28d662e6,2024-06-04T19:20:39.843000
CVE-2024-45032,1,1,1f58ed5aebae3664e0f0e36b7cfda4ca66a79afddd63b5788c01e63865d4ffd4,2024-09-10T10:15:13.407000
CVE-2024-45034,0,0,6acf56312613a82c5715559f5b4f69be801ce2e626afadd3cfb4d0f3016179e1,2024-09-09T14:35:07.577000
CVE-2024-45036,0,0,b93ba1b942c2a90c7150ffd72c683d09bcb868f6dc285088962d5acc53d2e2e4,2024-08-27T13:01:37.913000
CVE-2024-45037,0,0,0a75dee24a9a0746d4b594073f73eebe38a0d6b0ee92331f507c53bf54c314fe,2024-08-28T12:57:39.090000
@ -259339,7 +259362,7 @@ CVE-2024-45620,0,0,79d0fcf4ffd9e5c58086135dfac2f9737c74cc4ac6ac6ca9de004adbc8816
CVE-2024-45621,0,0,14a519a8f510b3c3b7a6df78c35235d4501d8bcffdb6cf42158adb38aa1e44bd,2024-09-03T12:59:02.453000
CVE-2024-45622,0,0,a33339926b8b20e966e52f22a13007f367a7fdd9b0655040e29ed073b9b76629,2024-09-03T16:35:09.647000
CVE-2024-45623,0,0,6e76d49f362c221a481237923ca3f07ce122524ae0700d93b755e69d33328599,2024-09-03T15:35:15.360000
CVE-2024-45625,0,0,53af7c33f57613adac667f62a1646c503b771cde80ecbb17a174be09eec61c83,2024-09-09T13:03:38.303000
CVE-2024-45625,0,1,3e5f2d639aef0e82608d7bd80d0e32d86a25b4046e30921cb8739a9c3be44b6a,2024-09-10T11:19:40.113000
CVE-2024-4563,0,0,a90af34c00297497a78ff72a2c306ea2262a49c5811c3b8bcaed5ddcefc9b6fb,2024-05-23T16:15:08.867000
CVE-2024-4564,0,0,045273651cbda7642192b25b1ce14ee6220cb16969b1d2c569252c03c480a950,2024-06-13T18:36:09.013000
CVE-2024-4565,0,0,15260fda70e8733111d52b1dae1a14ee33f22d1739a2e8de851c031d5bec2fb8,2024-07-17T14:14:08.750000
@ -259366,6 +259389,7 @@ CVE-2024-4581,0,0,87f8fe03f507957c50ab3e12c65c26f01a42761aed681f779ccb3bf731c25c
CVE-2024-4582,0,0,44a298c10fdfe0ab8acf9c943d89720dd7bed9fa14549ad9833d5c0a75c14780,2024-06-04T19:20:42.750000
CVE-2024-4583,0,0,80422ff6020fca1720c5a88e28ab76aaa9a918b3afa6700e13782e64857c6739,2024-06-04T19:20:42.857000
CVE-2024-4584,0,0,4d639afeee5354fec0a7cf3023bb849f2437d78f7cd875e4a49ac03b46b9ec82,2024-06-17T19:15:58.903000
CVE-2024-45845,1,1,d6725bd32d51d8db221cdb75ba64c6efbfad72a7cc4c55e91750b4e8e626218c,2024-09-10T11:15:10.660000
CVE-2024-4585,0,0,de8aae2cc9125c3a9e288fcbd9e609876eec68062d1a138bbd8e80f3513a89cb,2024-06-20T20:15:19.110000
CVE-2024-4586,0,0,308ac0f257920a7bf6e50f46839419870b7e733c7917681ea48f64312191a5cb,2024-06-04T19:20:42.953000
CVE-2024-4587,0,0,ccb551f2bab92e34c98709c8a5231b1e8778dd90f0d16bd4ac4c665438d47b6c,2024-06-04T19:20:43.057000
@ -261063,7 +261087,7 @@ CVE-2024-6588,0,0,67672e854c20766f2e15151fa1e111ec8310b7083a57f535c99159d2ce6e5a
CVE-2024-6589,0,0,786a762dda95a3db4c9cdc907a3a2b97d61313e4f2473ece396d13a201bdbeba,2024-08-26T16:21:36.530000
CVE-2024-6591,0,0,ba434f770e77a561bd09877a3c29228f51c9818a995d0175b55ef4d80494af35,2024-07-29T14:12:08.783000
CVE-2024-6595,0,0,1592dd03cd1b2c459ee5de6a924fab7f4c8bad5124f72f8b639c71537346952d,2024-08-30T14:15:17.063000
CVE-2024-6596,1,1,bee0885163c198e04598019344a5f713e2990259e037a39b034eda8daade346e,2024-09-10T08:15:03.350000
CVE-2024-6596,0,0,bee0885163c198e04598019344a5f713e2990259e037a39b034eda8daade346e,2024-09-10T08:15:03.350000
CVE-2024-6598,0,0,fb802128b1cfc176540749693b684b4374936099ab1c7948c1ec819266291908,2024-07-09T18:19:14.047000
CVE-2024-6599,0,0,6a69a16a0a8781527f95db9310983c42c357e28a72f780fd79d80c9654364b86,2024-07-18T12:28:43.707000
CVE-2024-6600,0,0,8a7bdd7b6969fa6cd69a1854f6f2130a9698184b9485e28b1c9cbb32470416d8,2024-07-16T18:15:08.737000
@ -261785,7 +261809,7 @@ CVE-2024-7613,0,0,595ae1d3f56b81eeb34ef1e184ddf7962f3a8fbfc042ff77a8fcf0bd3f10f2
CVE-2024-7614,0,0,70ea68e630891f9909a0a8afd3fe5566dad840edc8df033b5c308064cf074a69,2024-08-21T18:48:47.273000
CVE-2024-7615,0,0,bdb4e2a47bb0b635ad5424e7dee382fdbc667ab1983b9e7b4b79b80817773efa,2024-08-21T18:48:19.590000
CVE-2024-7616,0,0,240142a7cf93711d379b14c2a6284d004fd0a2d1c674fc02d32efdd57aa3e2bd,2024-08-13T16:59:39.517000
CVE-2024-7618,1,1,e90f66013f2521a8b364310d9018a7d82217e9044c4c5a2aeb53003036c12458,2024-09-10T08:15:03.620000
CVE-2024-7618,0,0,e90f66013f2521a8b364310d9018a7d82217e9044c4c5a2aeb53003036c12458,2024-09-10T08:15:03.620000
CVE-2024-7619,0,0,52e157835f9b49014d03653876a6177ba54feacc6eb580f7a52506ce1aa54bb3,2024-09-03T18:15:09.223000
CVE-2024-7620,0,0,2469206363fd07a16a5de81f046bd6f1d56a8441f8330f436267f4dce05a3b0c,2024-09-09T13:03:38.303000
CVE-2024-7621,0,0,07161284faa2eb0637370b6ff462e631787a37850cefb6ac5fa6750545dd7050,2024-08-12T13:41:36.517000
@ -261816,7 +261840,7 @@ CVE-2024-7649,0,0,3d0b3905ac20943345a47479273aed49759614ef3fae3b2688335294d499ed
CVE-2024-7651,0,0,386a7bb7aa0b4a32ced6fe813025ac2a231789f032ca2ee2a42adaaefdd20a30,2024-08-31T03:28:02.947000
CVE-2024-7652,0,0,c7f694e385002b920efe17a183ba7538023c7cf88dd53a372f2912343dfa2405,2024-09-09T13:03:38.303000
CVE-2024-7654,0,0,49383a5796e66ab6802124ac3212336a9fa34e97b446554c0840904b1dbfce6f,2024-09-05T13:53:16.540000
CVE-2024-7655,1,1,70e400fbb862b136de261fedb7a4862c81e7c64a07dd119826b52912431fc9b8,2024-09-10T08:15:03.830000
CVE-2024-7655,0,0,70e400fbb862b136de261fedb7a4862c81e7c64a07dd119826b52912431fc9b8,2024-09-10T08:15:03.830000
CVE-2024-7656,0,0,54bddf4f1c99f206f2f263928ecdc7b2851230b8a0f25d44b79aae993350ca70,2024-08-26T12:47:20.187000
CVE-2024-7657,0,0,b71ee6cae903ac873f30f4d097ac987c873f0095983bc9620eda1ffab659d5b8,2024-08-15T17:48:20.920000
CVE-2024-7658,0,0,832a65f53a452b2fa1561cdaae82b94e5ac7d59bc491a09b3cdc773f704d8588,2024-08-13T17:00:19.800000
@ -261850,8 +261874,8 @@ CVE-2024-7692,0,0,53a3a528e0e26eebc3a24b8375fbb7b9fd52b7aeb81816897422b7295867b4
CVE-2024-7693,0,0,8f49e917567dbf3d83b8fab0c0f87defce06a4391222113e25ab3be3d08b6e06,2024-09-06T16:51:35.647000
CVE-2024-7694,0,0,915a620e49de11e538187b87ae1859b4dd8b81a9c117898d10d07c783b69fb2e,2024-09-06T17:24:42.573000
CVE-2024-7697,0,0,56fc87c2b950fc0d4b7d08c76bcec1377c688ea98c921a8e581bb6c082412bb3,2024-09-06T18:04:28.030000
CVE-2024-7698,1,1,0b6376f241ae0c60b1330c3a639882331c33933f962ae7ffc74cf0e49e3f0261,2024-09-10T09:15:06.847000
CVE-2024-7699,1,1,3324900fac248b686cd3c8a74a38ad91329a8e7f4c6ebf88138ab71b25ab47da,2024-09-10T09:15:07.180000
CVE-2024-7698,0,0,0b6376f241ae0c60b1330c3a639882331c33933f962ae7ffc74cf0e49e3f0261,2024-09-10T09:15:06.847000
CVE-2024-7699,0,0,3324900fac248b686cd3c8a74a38ad91329a8e7f4c6ebf88138ab71b25ab47da,2024-09-10T09:15:07.180000
CVE-2024-7700,0,0,3e081f65a743f7c2243d16cda14609415c7128fbdf01790b4350a9589b48c796,2024-08-12T18:57:17.383000
CVE-2024-7702,0,0,35104b2d835bcff771d3508b754ac4f00b960fb6fd0cdfa84ab47a794def21ca,2024-08-26T18:15:46.870000
CVE-2024-7703,0,0,4fed134c1a88e3f28368f1aeb0423ea22cd742b65dcb7d77a318829e8e6bb6ba,2024-08-19T12:59:59.177000
@ -261874,7 +261898,7 @@ CVE-2024-7729,0,0,2bbcc23121d3cbbbfd7b7747e3325c391cd14964f404891acd614a24c4694f
CVE-2024-7731,0,0,e84a2998e171304858ad1fb8b038e10b362c1589200ef021af448b39d41434b9,2024-08-22T14:40:00.913000
CVE-2024-7732,0,0,d07658c10ed57e2a3eecd9b14e76e8eed0b7a7133550030a1f5039eb59d98d22,2024-08-14T13:00:37.107000
CVE-2024-7733,0,0,d6f0b33872e43d23ba993c9827febac1a615268a96a44f431f426f7460340dba,2024-08-14T02:07:05.410000
CVE-2024-7734,1,1,f99fb48ee14fd68b07dff866586634f0252d5e4a48e22b87e399dd49e3bc08c2,2024-09-10T08:15:04.020000
CVE-2024-7734,0,0,f99fb48ee14fd68b07dff866586634f0252d5e4a48e22b87e399dd49e3bc08c2,2024-09-10T08:15:04.020000
CVE-2024-7738,0,0,9abbf70090d4bac2436939ae1d7e5b66071c9e95d911875233a210759cede2ef,2024-08-14T02:07:05.410000
CVE-2024-7739,0,0,48d24e6c734bdd0aabede58961a2ddba8bd9566478ef049fa21ee7be6d7677d2,2024-08-14T02:07:05.410000
CVE-2024-7740,0,0,b6b97e22b2a1c91ed733b5ea0db90c7ca386835aea8a2536d78b137aa899a052,2024-08-21T19:06:30.707000
@ -261892,6 +261916,7 @@ CVE-2024-7752,0,0,a2329e23410b1feec53d6ea38469016e280edd824b17c574fc21bf18179470
CVE-2024-7753,0,0,8d87f0b2095698ec5201c016f27ad170e6b85d6a83cdb1acca64ef97e59384ac,2024-08-19T17:47:49.083000
CVE-2024-7754,0,0,aa642088260d14c06ef027c5ebe72633a842f86ac8e6448a2c0c42d526be8fa5,2024-08-19T17:48:15.203000
CVE-2024-7757,0,0,ca7d079474a8e4f4b2f55e1721105da3a15a9e1d63f2bd4356eaaa03e8d55f39,2024-08-21T09:15:04.973000
CVE-2024-7770,1,1,015b5490c1231d0b92b2413a6e8ee47012159b8b0eaa036522ed888d8f392cf5,2024-09-10T11:15:10.780000
CVE-2024-7775,0,0,e75f99322bf942cd40c2d94981e16e48a8ebca7abec8ba8da6e02adea2112f97,2024-08-26T18:18:22.887000
CVE-2024-7777,0,0,4a2d78b8605a3d4db2907c7fe28bc447e2c0379246d7b81936de12aa55ddf523,2024-08-26T18:19:19.507000
CVE-2024-7778,0,0,3bccf24c2d6c26e9b97b53b6049aaebd5856252add9958ab8944d96a94251b86,2024-08-22T12:48:02.790000
@ -262158,11 +262183,12 @@ CVE-2024-8230,0,0,51972d3a01eef60d4ec2fcebcc43d9f517d40a0a396b61ca7c24bdef0d5fcb
CVE-2024-8231,0,0,19b769716e3fff898a72bf0ee7d68779b61ab99af63bed31a0498759613ebd4e,2024-08-28T12:57:27.610000
CVE-2024-8234,0,0,870a131a53db84d6497bde7de38de6b7411ad7686be0738cd78fff93fab14909,2024-08-30T13:00:05.390000
CVE-2024-8235,0,0,7072b68d002bcf4f9595f61b4137bd3d5b31c93ce76df9863ff0a1c3da8ed948,2024-09-03T12:59:02.453000
CVE-2024-8241,1,1,d8aed6ee9286b2aa9016d56e234e7bf8e4b5e668ea903b65f75994a1e5904926,2024-09-10T10:15:13.653000
CVE-2024-8247,0,0,5202f9f70242e6e766f5bf4ee04774da230414090293c913b32ce2eadeefe661,2024-09-06T12:08:04.550000
CVE-2024-8250,0,0,9b93a65d8c7dcee06e07a2e2b390d716b51503d05b493ec48aa5a8756ae94b8c,2024-08-30T16:32:16.917000
CVE-2024-8252,0,0,36e1aa114a02ff2bf925a636a4ed4135ae0e6011078bf9fd8b3aff586823c205,2024-09-03T14:31:27.243000
CVE-2024-8255,0,0,c6874ac38c80acc73ad7edcdfa1b6810f24be9f578842829800024511d128d5a,2024-09-06T22:53:34.187000
CVE-2024-8258,1,1,154510660de3a5f7fd31db666136060100dc40eccec50d5817aa677aadd9600f,2024-09-10T09:15:07.497000
CVE-2024-8258,0,0,154510660de3a5f7fd31db666136060100dc40eccec50d5817aa677aadd9600f,2024-09-10T09:15:07.497000
CVE-2024-8260,0,0,812d2a62f9a14f293d2814006504d857c705848c99804aae9066abfa5d1408ba,2024-09-03T12:59:02.453000
CVE-2024-8268,0,0,19698d2ff5d82db2ae743a122534da67a187f2f6f912961a5504ef6cf90e8b6b,2024-09-10T03:15:03.690000
CVE-2024-8274,0,0,81f15088246893eaf3249a3304ee5d5199071263c8883a7f9f22c293a16a376a,2024-09-03T14:28:06.853000
@ -262267,6 +262293,7 @@ CVE-2024-8517,0,0,3800f6b128aab40f688c971c9a9e47c0b6a42cbdd5c8d94b7cf3eaf620f48f
CVE-2024-8521,0,0,65485edaf907369f60ded6330bfa86fc3cb4b0554a8f781a990c000b1998cccb,2024-09-09T13:03:38.303000
CVE-2024-8523,0,0,97cab60ebb5ec07bfc3fbe69bde3146d8e6846c5d869fc10534b5a2c3c29806e,2024-09-09T13:03:38.303000
CVE-2024-8538,0,0,cdc95bc68a4038527ba5cf51b0a8358b05e3a1650fc8124f586021fbca5ad9b3,2024-09-09T13:03:38.303000
CVE-2024-8543,1,1,bc558239a2fe3a7e58b37ab375a36d1a7ff0f095c997b8895bfc883de219ab38,2024-09-10T10:15:13.887000
CVE-2024-8554,0,0,4cf504871442fcb0d84a21da28ddfae2465e0b33b1fe7bfdf35784130157a585,2024-09-09T13:03:38.303000
CVE-2024-8555,0,0,b6a2386ed27e3c15f87a10f0caf63bea3e02c0e81c71fb6c48c17029c2525502,2024-09-09T13:03:38.303000
CVE-2024-8557,0,0,d956d0b1de890824833231cfe4294c7751ca4754efdbac52614ee252b9d18dba,2024-09-09T13:03:38.303000
@ -262303,3 +262330,4 @@ CVE-2024-8604,0,0,03dd9ea4b720aacc0e1e1cce008473e1a786aeb7eaa9fc848b1a9d53cc790e
CVE-2024-8605,0,0,05de9fb886966e208a1d4ea135c5ccec7205233c650e87f0027c612a99575815,2024-09-09T18:30:12.050000
CVE-2024-8610,0,0,63b96f80e9a9898c58020000e622cb8b59201d23bb4c4b89a20f83f5c7c43556,2024-09-09T21:15:13.127000
CVE-2024-8611,0,0,2ce4149f95f488455d8f3a44e91cf576ec7c412385aeea29e6e18c729ee34c96,2024-09-09T21:15:13.377000
CVE-2024-8645,1,1,662e85fdb9aff9f2649eabb0f52f851fd2de1785f64524d54fe76dc151517f3b,2024-09-10T10:15:14.113000

Can't render this file because it is too large.