diff --git a/CVE-2017/CVE-2017-26xx/CVE-2017-2680.json b/CVE-2017/CVE-2017-26xx/CVE-2017-2680.json
index 268a6ff7b2b..2d2d091e075 100644
--- a/CVE-2017/CVE-2017-26xx/CVE-2017-2680.json
+++ b/CVE-2017/CVE-2017-26xx/CVE-2017-2680.json
@@ -2,7 +2,7 @@
 "id": "CVE-2017-2680",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2017-05-11T01:29:05.400",
- "lastModified": "2024-07-09T12:15:03.820",
+ "lastModified": "2024-09-10T10:15:02.153",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
@@ -16,6 +16,50 @@
 }
 ],
 "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "ADJACENT",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
 "cvssMetricV31": [
 {
 "source": "nvd@nist.gov",
@@ -1496,10 +1540,9 @@
 "negate": false,
 "cpeMatch": [
 {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "6.0.6",
- "matchCriteriaId": "2570E321-C28E-46FA-8693-1230B3B5FD1B"
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F97B67B-4516-4AD9-B33C-7F480EE0DB4D"
 }
 ]
 },
@@ -1508,9 +1551,10 @@
 "negate": false,
 "cpeMatch": [
 {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "8F97B67B-4516-4AD9-B33C-7F480EE0DB4D"
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.0.6",
+ "matchCriteriaId": "2570E321-C28E-46FA-8693-1230B3B5FD1B"
 }
 ]
 }
@@ -1519,6 +1563,17 @@
 {
 "operator": "AND",
 "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EC545350-FD53-4B2E-886F-E20F12260C9B"
+ }
+ ]
+ },
 {
 "operator": "OR",
 "negate": false,
@@ -1530,23 +1585,23 @@
 "matchCriteriaId": "582B49BD-4565-4D19-BBE6-A193BDFCE8B0"
 }
 ]
- },
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC545350-FD53-4B2E-886F-E20F12260C9B"
- }
- ]
 }
 ]
 },
 {
 "operator": "AND",
 "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77"
+ }
+ ]
+ },
 {
 "operator": "OR",
 "negate": false,
@@ -1558,23 +1613,23 @@
 "matchCriteriaId": "9D24953B-B3DF-4150-810C-64A94A55E829"
 }
 ]
- },
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "30DDEA9B-E1BF-4572-8E12-D13C54603E77"
- }
- ]
 }
 ]
 },
 {
 "operator": "AND",
 "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF"
+ }
+ ]
+ },
 {
 "operator": "OR",
 "negate": false,
@@ -1586,23 +1641,23 @@
 "matchCriteriaId": "E696D071-8601-40AA-BAF5-1452940E1D6E"
 }
 ]
- },
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF"
- }
- ]
 }
 ]
 },
 {
 "operator": "AND",
 "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA5ADAB0-3985-4933-8CDD-D1546D8271CC"
+ }
+ ]
+ },
 {
 "operator": "OR",
 "negate": false,
@@ -1619,17 +1674,6 @@
 "matchCriteriaId": "EA59D713-F342-4CDA-BDC8-108352D385DA"
 }
 ]
- },
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "CA5ADAB0-3985-4933-8CDD-D1546D8271CC"
- }
- ]
 }
 ]
 },
@@ -1641,10 +1685,9 @@
 "negate": false,
 "cpeMatch": [
 {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "1.1.0",
- "matchCriteriaId": "4E36412A-1AAB-42D1-B0B4-7A7BBF3CB317"
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8582A3E8-C05E-4D0B-851D-8C3181ED61CC"
 }
 ]
 },
@@ -1653,9 +1696,10 @@
 "negate": false,
 "cpeMatch": [
 {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "8582A3E8-C05E-4D0B-851D-8C3181ED61CC"
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.1.0",
+ "matchCriteriaId": "4E36412A-1AAB-42D1-B0B4-7A7BBF3CB317"
 }
 ]
 }
@@ -1784,6 +1828,17 @@
 {
 "operator": "AND",
 "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B75F50CA-7371-4BC7-8D8A-13F8BC69E4EB"
+ }
+ ]
+ },
 {
 "operator": "OR",
 "negate": false,
@@ -1800,23 +1855,23 @@
 "matchCriteriaId": "A2B61A79-C2B0-4C3D-A63C-B20FF78B2981"
 }
 ]
- },
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "B75F50CA-7371-4BC7-8D8A-13F8BC69E4EB"
- }
- ]
 }
 ]
 },
 {
 "operator": "AND",
 "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D61D3E9C-1346-4354-BCD9-B02F67500C41"
+ }
+ ]
+ },
 {
 "operator": "OR",
 "negate": false,
@@ -1833,17 +1888,6 @@
 "matchCriteriaId": "CAA92AC6-7DA0-418D-A13F-69268DFD7966"
 }
 ]
- },
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "D61D3E9C-1346-4354-BCD9-B02F67500C41"
- }
- ]
 }
 ]
 },
diff --git a/CVE-2017/CVE-2017-26xx/CVE-2017-2681.json b/CVE-2017/CVE-2017-26xx/CVE-2017-2681.json
index e79a8d3e816..060253c53d0 100644
--- a/CVE-2017/CVE-2017-26xx/CVE-2017-2681.json
+++ b/CVE-2017/CVE-2017-26xx/CVE-2017-2681.json
@@ -2,13 +2,13 @@
 "id": "CVE-2017-2681",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2017-05-11T10:29:00.180",
- "lastModified": "2024-07-09T12:15:04.280",
+ "lastModified": "2024-09-10T10:15:03.063",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices."
+ "value": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected."
 },
 {
 "lang": "es",
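Review bot: The Spanish entry is not updated with this change: the hunk stops at `"lang": "es",` (line 14) and the next hunk starts at line 16, so the `es` `value` on line 15 is untouched and presumably still says the issue "affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices". The English `value` no longer makes that restriction, so the two languages now describe different scopes and the affected products have to be read from `configurations` rather than from the text. I would refresh or drop the `es` `value` in the same update, and until then consumers should treat the `en` entry as authoritative for a record whose `vulnStatus` is `Modified`. The description hunks for CVE-2019-10923, CVE-2020-25236, CVE-2022-36361, CVE-2022-36362, CVE-2022-36363 and CVE-2022-42784 leave their `es` entry untouched in the same way.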
@@ -16,6 +16,50 @@
 }
 ],
 "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "ADJACENT",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
 "cvssMetricV31": [
 {
 "source": "nvd@nist.gov",
diff --git a/CVE-2019/CVE-2019-109xx/CVE-2019-10923.json b/CVE-2019/CVE-2019-109xx/CVE-2019-10923.json
index def0db1e02a..df1e53d8915 100644
--- a/CVE-2019/CVE-2019-109xx/CVE-2019-10923.json
+++ b/CVE-2019/CVE-2019-109xx/CVE-2019-10923.json 
@@ -2,13 +2,13 @@ "id": "CVE-2019-10923", "sourceIdentifier": "productcert@siemens.com", "published": "2019-10-10T14:15:14.503", - "lastModified": "2023-05-09T13:15:12.763", + "lastModified": "2024-09-10T10:15:03.397", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. 
SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation." + "value": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation." }, { "lang": "es", @@ -1294,6 +1294,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", "source": "productcert@siemens.com", 
diff --git a/CVE-2020/CVE-2020-252xx/CVE-2020-25236.json b/CVE-2020/CVE-2020-252xx/CVE-2020-25236.json
index e1e4fc7a4ba..a4f378dc067 100644
--- a/CVE-2020/CVE-2020-252xx/CVE-2020-25236.json
+++ b/CVE-2020/CVE-2020-252xx/CVE-2020-25236.json
@@ -2,13 +2,13 @@ "id": "CVE-2020-25236", "sourceIdentifier": "productcert@siemens.com", "published": "2021-03-15T17:15:19.877", - "lastModified": "2023-12-12T12:15:07.960", + "lastModified": "2024-09-10T10:15:03.727", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device\nexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset." + "value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 
24RCEo (6AG1052-2HB08-7BA1) (All versions). The control logic (CL) the LOGO! 8 executes could be manipulated in a way that could cause the device\nexecuting the CL to improperly handle the manipulation and crash. After successful execution of the attack, the device needs to be manually reset." }, { "lang": "es", @@ -126,6 +126,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-783481.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-783481.pdf", "source": "productcert@siemens.com", diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36361.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36361.json index c6bd03c7bf6..ab95d9898da 100644 --- a/CVE-2022/CVE-2022-363xx/CVE-2022-36361.json +++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36361.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-36361", "sourceIdentifier": "productcert@siemens.com", "published": "2022-10-11T11:15:10.037", - "lastModified": "2023-12-12T12:15:09.510", + "lastModified": "2024-09-10T10:15:03.930", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code." + "value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). 
Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code." }, { "lang": "es", @@ -128,6 +128,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-955858.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf", "source": "productcert@siemens.com", diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36362.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36362.json index cb296931b20..82836c3563c 100644 --- a/CVE-2022/CVE-2022-363xx/CVE-2022-36362.json +++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36362.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-36362", "sourceIdentifier": "productcert@siemens.com", "published": "2022-10-11T11:15:10.103", - "lastModified": "2023-12-12T12:15:09.630", + "lastModified": "2024-09-10T10:15:04.130", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device." + "value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 
230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device." }, { "lang": "es", @@ -138,6 +138,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-955858.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf", "source": "productcert@siemens.com", 
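Review bot: In the new English `value` for CVE-2022-36362, six SIPLUS entries still carry no order number: `SIPLUS LOGO! 12/24RCE (All versions)` and likewise 12/24RCEo, 230RCEo, 24CEo, 24RCE and 24RCEo, each sitting next to a same-named entry that does have one. Every non-SIPLUS entry, and SIPLUS 230RCE and 24CE, now lists two order numbers, so the unnumbered six look like a second hardware variant whose identifier was left out, although that is an inference from the pattern. An asset inventory matched on order number will miss those six, so they need to be matched by product name until the supplier text names them. The missing identifiers should be taken from the advisory this record references (`ssa-955858`), not filled in by the mirror.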
diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36363.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36363.json
index 51e1fd3cbac..53092553a78 100644
--- a/CVE-2022/CVE-2022-363xx/CVE-2022-36363.json
+++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36363.json
@@ -2,13 +2,13 @@ "id": "CVE-2022-36363", "sourceIdentifier": "productcert@siemens.com", "published": "2022-10-11T11:15:10.163", - "lastModified": "2023-12-12T12:15:09.740", + "lastModified": "2024-09-10T10:15:04.293", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions), LOGO! 12/24RCEo (All versions), LOGO! 230RCE (All versions), LOGO! 230RCEo (All versions), LOGO! 24CE (All versions), LOGO! 24CEo (All versions), LOGO! 24RCE (All versions), LOGO! 24RCEo (All versions), SIPLUS LOGO! 12/24RCE (All versions), SIPLUS LOGO! 12/24RCEo (All versions), SIPLUS LOGO! 230RCE (All versions), SIPLUS LOGO! 230RCEo (All versions), SIPLUS LOGO! 24CE (All versions), SIPLUS LOGO! 24CEo (All versions), SIPLUS LOGO! 24RCE (All versions), SIPLUS LOGO! 24RCEo (All versions). Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory." + "value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions). 
Affected devices do not properly validate an offset value which can be defined in TCP packets when calling a method. This could allow an attacker to retrieve parts of the content of the memory." }, { "lang": "es", @@ -138,6 +138,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-955858.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdf", "source": "productcert@siemens.com", diff --git a/CVE-2022/CVE-2022-427xx/CVE-2022-42784.json b/CVE-2022/CVE-2022-427xx/CVE-2022-42784.json index d190a282aa3..b331cd30d67 100644 --- a/CVE-2022/CVE-2022-427xx/CVE-2022-42784.json +++ b/CVE-2022/CVE-2022-427xx/CVE-2022-42784.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-42784", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T10:15:09.560", - "lastModified": "2023-12-18T14:51:14.167", - "vulnStatus": "Analyzed", + "lastModified": "2024-09-10T10:15:04.440", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version." + "value": "A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 
12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version." }, { "lang": "es", @@ -532,6 +532,10 @@ } ], "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-844582.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844582.pdf", "source": "productcert@siemens.com", diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43716.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43716.json index 039854f5efd..315fabba4fe 100644 --- a/CVE-2022/CVE-2022-437xx/CVE-2022-43716.json +++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43716.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-43716", "sourceIdentifier": "productcert@siemens.com", "published": "2023-04-11T10:15:17.467", - "lastModified": "2024-06-11T09:15:11.587", + "lastModified": "2024-09-10T10:15:04.627", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. 
An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product." + "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. 
An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product." } ], "metrics": { @@ -702,10 +702,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*", - "versionEndExcluding": "2.3.6", - "matchCriteriaId": "4646AF8C-B871-4F9E-85A4-ECE8F13AFB21" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239" } ] }, @@ -714,9 +713,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*", - "matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.3.6", + "matchCriteriaId": "4646AF8C-B871-4F9E-85A4-ECE8F13AFB21" } ] } diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43767.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43767.json index 5a13bf40f0c..cb8a3e117c0 100644 --- a/CVE-2022/CVE-2022-437xx/CVE-2022-43767.json +++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43767.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-43767", "sourceIdentifier": "productcert@siemens.com", "published": "2023-04-11T10:15:17.540", - "lastModified": "2024-06-11T09:15:11.907", + "lastModified": "2024-09-10T10:15:04.850", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. 
An attacker may cause a denial of service situation of the webserver of the affected product." + "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product." } ], "metrics": { 
@@ -93,9 +93,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "FE3D7928-8E1A-400E-B790-58D6F5938E3C" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960" } ] }, @@ -104,9 +104,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", - "matchCriteriaId": "CA9BB25C-D5E3-43DE-8C73-06BDC43CA960" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FE3D7928-8E1A-400E-B790-58D6F5938E3C" } ] } @@ -115,17 +115,6 @@ { "operator": "AND", "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "FCF9D803-FF47-4400-B2C4-1F4EE28E5AA8" - } - ] - }, { "operator": "OR", "negate": false, @@ -136,23 +125,23 @@ "matchCriteriaId": "2FFBFB96-1A35-4724-831B-68E3A9C32921" } ] - } - ] - }, - { - "operator": "AND", - "nodes": [ + }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "BE5003DA-5488-47C1-B442-9137E849FDD5" + "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "FCF9D803-FF47-4400-B2C4-1F4EE28E5AA8" } ] - }, + } + ] + }, + { + "operator": "AND", + "nodes": [ { "operator": "OR", "negate": false, 
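Review bot: The firmware `cpeMatch` entry re-emitted in this hunk, `cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*`, still has `"vulnerable": true` with no version bound, while the description updated in the same commit now limits SIMATIC CP 1243-1 to "All versions < V3.4.29". Tooling that matches on CPE will therefore keep reporting devices already on the fixed firmware until a bound is added, e.g. `"versionEndExcluding": "3.4.29"`, in the form the CVE-2022-43716 record uses for `tim_1531_irc_firmware` (`"versionEndExcluding": "2.3.6"`). The same unbounded criteria appear in the later hunks of this file for the `simatic_cp_1243-1_dnp3`, `simatic_cp_1243-1_iec`, `simatic_cp_1243-7_lte_eu`, `simatic_cp_1243-7_lte_us` and `simatic_cp_1243-8_irc` firmware entries. With `vulnStatus` at "Modified", the configurations have presumably not been re-analysed since the description changed, so consumers should read the affected range from the description in the meantime.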
@@ -163,23 +152,23 @@ "matchCriteriaId": "DFE96226-A2DF-4A9E-8CBB-8D7CF328E404" } ] - } - ] - }, - { - "operator": "AND", - "nodes": [ + }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "93D43BC6-EDE3-4EE1-9410-4717EB641AD0" + "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "BE5003DA-5488-47C1-B442-9137E849FDD5" } ] - }, + } + ] + }, + { + "operator": "AND", + "nodes": [ { "operator": "OR", "negate": false, @@ -190,23 +179,23 @@ "matchCriteriaId": "651C66E8-B3C0-4E88-BC7C-30BF16A7F7A3" } ] - } - ] - }, - { - "operator": "AND", - "nodes": [ + }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "786F3FFD-87E4-45B9-A33C-BAE58379FF39" + "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "93D43BC6-EDE3-4EE1-9410-4717EB641AD0" } ] - }, + } + ] + }, + { + "operator": "AND", + "nodes": [ { "operator": "OR", "negate": false, @@ -217,23 +206,23 @@ "matchCriteriaId": "FF9224A6-8A35-4F4F-951F-5B24B89E5FC8" } ] - } - ] - }, - { - "operator": "AND", - "nodes": [ + }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F2AA6B43-7FC7-465A-9CD8-E8A4D6DBCD27" + "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "786F3FFD-87E4-45B9-A33C-BAE58379FF39" } ] - }, + } + ] + }, + { + "operator": "AND", + "nodes": [ { "operator": "OR", "negate": false, 
@@ -244,23 +233,23 @@ "matchCriteriaId": "12A45F37-1E7D-4748-ADAC-EC4C454B693A" } ] - } - ] - }, - { - "operator": "AND", - "nodes": [ + }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "C1F51B86-57EE-4DB6-B038-06726BC93D2D" + "criteria": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "F2AA6B43-7FC7-465A-9CD8-E8A4D6DBCD27" } ] - }, + } + ] + }, + { + "operator": "AND", + "nodes": [ { "operator": "OR", "negate": false, @@ -271,6 +260,17 @@ "matchCriteriaId": "0C868560-8BAE-462D-AED0-3C52EA9B6DB8" } ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "C1F51B86-57EE-4DB6-B038-06726BC93D2D" + } + ] } ] }, @@ -282,9 +282,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", - "matchCriteriaId": "8648EF79-043D-48DE-B9F8-BF762862EE99" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390" } ] }, @@ -293,9 +293,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", - "matchCriteriaId": "E362CEA5-F47B-4294-8F2D-A0A7AC6FF390" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "8648EF79-043D-48DE-B9F8-BF762862EE99" } ] } diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43768.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43768.json index f4142909a86..58e76dcae58 100644 --- a/CVE-2022/CVE-2022-437xx/CVE-2022-43768.json +++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43768.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-43768", "sourceIdentifier": "productcert@siemens.com", "published": "2023-04-11T10:15:17.617", - "lastModified": "2024-06-11T09:15:12.230", + "lastModified": "2024-09-10T10:15:05.020", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. 
An attacker may cause a denial of service situation of the webserver of the affected product." + "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions < V3.4.29), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions < V3.4.29), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions < V3.4.29), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product." } ], "metrics": { 
diff --git a/CVE-2022/CVE-2022-461xx/CVE-2022-46144.json b/CVE-2022/CVE-2022-461xx/CVE-2022-46144.json index 16adac6eb80..9d7e3da00c8 100644 --- a/CVE-2022/CVE-2022-461xx/CVE-2022-46144.json +++ b/CVE-2022/CVE-2022-461xx/CVE-2022-46144.json 
@@ -2,13 +2,13 @@ "id": "CVE-2022-46144", "sourceIdentifier": "productcert@siemens.com", "published": "2022-12-13T16:15:25.200", - "lastModified": "2024-06-11T09:15:12.590", + "lastModified": "2024-09-10T10:15:05.170", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) 
(6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive." + "value": "A vulnerability has been identified in SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions < V2.3), SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions < V2.3), SCALANCE SC626-2C (6GK5626-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions < V2.3), SCALANCE SC632-2C (6GK5632-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions < V2.3), SCALANCE SC636-2C (6GK5636-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions < V2.3), SCALANCE SC642-2C (6GK5642-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions < V2.3), SCALANCE SC646-2C (6GK5646-2GS00-2AC2) (All versions >= V2.3 < V3.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) 
(6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28827.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28827.json new file mode 100644 index 00000000000..0be1982d3a4 --- /dev/null +++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28827.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2023-28827", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:05.347", + "lastModified": "2024-09-10T10:15:05.347", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain requests, causing a timeout in the watchdog, which could lead to the clean up of pointers. \r\n\r\nThis could allow a remote attacker to cause a denial of service condition in the system." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 IEC (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-7 LTE (Todas las versiones < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (Todas las versiones < V3.5.20), SIMATIC HMI Comfort Panels (incl. 
variantes SIPLUS) (Todas las versiones), SIMATIC IPC DiagBase (Todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMATIC WinCC Runtime Advanced (todas las versiones), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (todas las versiones < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (todas las versiones < V2.4.8). El servidor web de los dispositivos afectados no procesa correctamente ciertas solicitudes, lo que provoca un tiempo de espera en el watchdog, lo que podr\u00eda provocar la limpieza de punteros. Esto podr\u00eda permitir que un atacante remoto provoque una condici\u00f3n de denegaci\u00f3n de servicio en el sistema." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.2, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2919.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2919.json new file mode 100644 index 00000000000..bd087220ad2 --- /dev/null +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2919.json 
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2023-2919", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-09-10T10:15:05.710", + "lastModified": "2024-09-10T10:15:05.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Tutor LMS para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 2.7.4 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n 'addon_enable_disable'. Esto hace posible que atacantes no autenticados habiliten o deshabiliten complementos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Ajax.php?rev=3128650#L506", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3148621/tutor/tags/2.7.5/classes/Ajax.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/992abd72-2a8e-4bda-94c2-4a7f88487906?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30755.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30755.json new file mode 100644 index 00000000000..4c21b10e0e6 --- /dev/null +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30755.json 
@@ -0,0 +1,104 @@
+{
+ "id": "CVE-2023-30755",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-09-10T10:15:05.940",
+ "lastModified": "2024-09-10T10:15:05.940",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle the shutdown or reboot request, which could lead to the clean up of certain resources. \r\n\r\nThis could allow a remote attacker with elevated privileges to cause a denial of service condition in the system."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 IEC (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-7 LTE (Todas las versiones < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (Todas las versiones < V3.5.20), SIMATIC HMI Comfort Panels (incl. variantes SIPLUS) (Todas las versiones), SIMATIC IPC DiagBase (Todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMATIC WinCC Runtime Advanced (todas las versiones), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (todas las versiones < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (todas las versiones < V2.4.8). El servidor web de los dispositivos afectados no gestiona correctamente la solicitud de apagado o reinicio, lo que podr\u00eda provocar la limpieza de determinados recursos. Esto podr\u00eda permitir que un atacante remoto con privilegios elevados provoque una condici\u00f3n de denegaci\u00f3n de servicio en el sistema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30756.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30756.json
new file mode 100644
index 00000000000..d191b4fc613
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30756.json
@@ -0,0 +1,104 @@
+{
+ "id": "CVE-2023-30756",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-09-10T10:15:06.197",
+ "lastModified": "2024-09-10T10:15:06.197",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-7 LTE (All versions < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions < V3.5.20), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC WinCC Runtime Advanced (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). The web server of the affected devices do not properly handle certain errors when using the Expect HTTP request header, resulting in NULL dereference.\r\n\r\nThis could allow a remote attacker with no privileges to cause a denial of service condition in the system."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una vulnerabilidad en SIMATIC CP 1242-7 V2 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 DNP3 (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-1 IEC (incl. variantes SIPLUS) (Todas las versiones < V3.5.20), SIMATIC CP 1243-7 LTE (Todas las versiones < V3.5.20), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (Todas las versiones < V3.5.20), SIMATIC HMI Comfort Panels (incl. variantes SIPLUS) (Todas las versiones), SIMATIC IPC DiagBase (Todas las versiones), SIMATIC IPC DiagMonitor (todas las versiones), SIMATIC WinCC Runtime Advanced (todas las versiones), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (todas las versiones < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (todas las versiones < V2.4.8). El servidor web de los dispositivos afectados no gestiona correctamente determinados errores al utilizar el encabezado de solicitud HTTP Expect, lo que da lugar a una desreferencia NULL. Esto podr\u00eda permitir que un atacante remoto sin privilegios provoque una condici\u00f3n de denegaci\u00f3n de servicio en el sistema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "NONE",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-423808.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
index 76066745a4b..5b247051733 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44317.json
@@ -2,13 +2,13 @@ "id": "CVE-2023-44317", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.067", - "lastModified": "2024-08-13T08:15:06.607", + "lastModified": "2024-09-10T10:15:06.443", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device." 
+ "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.2.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.2.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.2.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.2.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.2.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.2.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.2.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC 
(US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json index babef2ec6af..79ea391b9b0 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44319.json 
@@ -2,13 +2,13 @@ "id": "CVE-2023-44319", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:12.510", - "lastModified": "2024-08-13T08:15:07.073", + "lastModified": "2024-09-10T10:15:07.013", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. 
This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device." + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) 
(6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json index 9ef0bc3a9bf..0e0e8e7b5f3 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44373.json 
@@ -2,13 +2,13 @@ "id": "CVE-2023-44373", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.417", - "lastModified": "2024-08-13T08:15:08.033", + "lastModified": "2024-09-10T10:15:07.217", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323." 
+ "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V2.4.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V2.4.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V2.4.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions < V2.4.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V2.4.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions < V2.4.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All 
versions < V2.4.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V2.4.0), SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V2.4.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V2.4.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V2.4.0), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions < V2.4.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V2.4.0), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions < V2.4.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323." }, { "lang": "es", @@ -2102,6 +2102,10 @@ "url": "https://cert-portal.siemens.com/productcert/html/ssa-699386.html", "source": "productcert@siemens.com" }, + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-721642.html", + "source": "productcert@siemens.com" + }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf", "source": "productcert@siemens.com" diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json index 26fe9779550..6ae325f3591 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44374.json 
@@ -2,13 +2,13 @@ "id": "CVE-2023-44374", "sourceIdentifier": "productcert@siemens.com", "published": "2023-11-14T11:15:13.753", - "lastModified": "2024-08-13T08:15:08.297", + "lastModified": "2024-09-10T10:15:07.467", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges." 
+ "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.0), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.0), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.0), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.0), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.0), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.0), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.0), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.0), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.0), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.0), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.0), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions), SCALANCE WAM766-1 (EU) (6GK5766-1GE00-7DA0) (All versions), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions), SCALANCE WAM766-1 EEC (EU) (6GK5766-1GE00-7TA0) (All versions), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions), 
SCALANCE WUB762-1 (6GK5762-1AJ00-2AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions), SCALANCE WUM766-1 (EU) (6GK5766-1GE00-3DA0) (All versions), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions), SCALANCE WUM766-1 (US) (6GK5766-1GE00-3DB0) (All versions). Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her privileges." }, { "lang": "es", @@ -780,10 +780,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware:*:*:*:*:*:*:*:*", - "versionEndExcluding": "4.5", - "matchCriteriaId": "66B350EA-BB9F-4A17-93DB-55132592E050" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5206-2gs00-2fc2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D4FE9F1-CA78-4E2D-BAAB-27F370C74058" } ] }, @@ -792,9 +791,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5206-2gs00-2fc2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "8D4FE9F1-CA78-4E2D-BAAB-27F370C74058" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:6gk5206-2gs00-2fc2_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5", + "matchCriteriaId": "66B350EA-BB9F-4A17-93DB-55132592E050" } ] } @@ -803,6 +803,17 @@ { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2ac2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "18B74B85-3F14-4E2B-8579-8304B0CDEBF6" + } + ] + }, { "operator": "OR", "negate": false, 
@@ -814,23 +825,23 @@ "matchCriteriaId": "C0645A96-E9C4-4CAE-9B06-EC098D3470AB" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2ac2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "18B74B85-3F14-4E2B-8579-8304B0CDEBF6" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2fc2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81A3F713-4B72-40AE-9FB1-88FBA52574F2" + } + ] + }, { "operator": "OR", "negate": false, @@ -842,23 +853,23 @@ "matchCriteriaId": "A54883F7-90D2-4B42-B426-767208360B6F" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5208-0ba00-2fc2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "81A3F713-4B72-40AE-9FB1-88FBA52574F2" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2ac2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E2C557EB-5EE6-4FB6-AA77-E2519C122792" + } + ] + }, { "operator": "OR", "negate": false, @@ -870,23 +881,23 @@ "matchCriteriaId": "86354CF8-B304-4A06-9D28-5161E082E891" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2ac2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "E2C557EB-5EE6-4FB6-AA77-E2519C122792" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2tc2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "84745DC6-8D3E-48BD-B61F-93B6D43919AB" + } + ] + }, { "operator": "OR", "negate": false, 
@@ -898,23 +909,23 @@ "matchCriteriaId": "BB4603BB-39A4-4C66-B40F-4C937C51290F" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2tc2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "84745DC6-8D3E-48BD-B61F-93B6D43919AB" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2fc2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D6997812-562B-421F-AECF-6E1151E9EC50" + } + ] + }, { "operator": "OR", "negate": false, @@ -926,34 +937,12 @@ "matchCriteriaId": "5A4283EE-DC1B-49B3-A23B-C2443C457243" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5208-0ga00-2fc2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "D6997812-562B-421F-AECF-6E1151E9EC50" - } - ] } ] }, { "operator": "AND", "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-2ac2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "D3EA732B-3BDA-41AE-A791-700A28FD632B" - } - ] - }, { "operator": "OR", "negate": false, @@ -965,6 +954,17 @@ "matchCriteriaId": "06C17564-8DB0-41DA-AAD7-D1BE5C662054" } ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-2ac2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D3EA732B-3BDA-41AE-A791-700A28FD632B" + } + ] } ] }, @@ -976,9 +976,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-5ac2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "A44C230B-2682-4DCF-808A-3D1EB647BA13" + "vulnerable": true, + "criteria": "cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.5", + "matchCriteriaId": "F58C2715-BB90-4799-B0EF-F5E356BB211B" } ] }, 
@@ -987,10 +988,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:siemens:6gk5208-0ra00-5ac2_firmware:*:*:*:*:*:*:*:*", - "versionEndExcluding": "4.5", - "matchCriteriaId": "F58C2715-BB90-4799-B0EF-F5E356BB211B" + "vulnerable": false, + "criteria": "cpe:2.3:h:siemens:6gk5208-0ra00-5ac2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A44C230B-2682-4DCF-808A-3D1EB647BA13" } ] } diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json index 8cd5bc995c6..530911e9d90 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json 
@@ -2,13 +2,13 @@ "id": "CVE-2023-46280", "sourceIdentifier": "productcert@siemens.com", "published": "2024-05-14T16:15:40.800", - "lastModified": "2024-08-13T08:15:08.500", + "lastModified": "2024-09-10T10:15:07.977", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." + "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC 
Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json index 67ec4f234bb..3274bfc9c39 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46281.json 
@@ -2,13 +2,13 @@ "id": "CVE-2023-46281", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:13.653", - "lastModified": "2024-08-13T08:15:08.660", + "lastModified": "2024-09-10T10:15:08.120", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json index 89d0343c6c7..37a9a4dbcb9 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json 
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46282.json @@ -2,13 +2,13 @@ "id": "CVE-2023-46282", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:13.870", - "lastModified": "2024-08-13T08:15:08.813", + "lastModified": "2024-09-10T10:15:08.240", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user." }, { "lang": "es", 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json
index 7484bb2e1b7..a767935e6a5 100644
--- a/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46283.json
@@ -2,13 +2,13 @@ "id": "CVE-2023-46283", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.067", - "lastModified": "2024-08-13T08:15:08.950", + "lastModified": "2024-09-10T10:15:08.353", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." }, { "lang": "es", 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json
index 89ad10b6506..2a7bd43e5f5 100644
--- a/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46284.json
@@ -2,13 +2,13 @@ "id": "CVE-2023-46284", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.273", - "lastModified": "2024-08-13T08:15:09.073", + "lastModified": "2024-09-10T10:15:08.467", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash." }, { "lang": "es", 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json
index e78e656a9eb..173054d7a3e 100644
--- a/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46285.json
@@ -2,13 +2,13 @@ "id": "CVE-2023-46285", "sourceIdentifier": "productcert@siemens.com", "published": "2023-12-12T12:15:14.477", - "lastModified": "2024-08-13T08:15:09.193", + "lastModified": "2024-09-10T10:15:08.577", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." + "value": "A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog." }, { "lang": "es", 
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48363.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48363.json
index 2b0156b0ae0..3beb7cdd467 100644
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48363.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48363.json
@@ -2,13 +2,13 @@ "id": "CVE-2023-48363", "sourceIdentifier": "productcert@siemens.com", "published": "2024-02-13T09:15:45.763", - "lastModified": "2024-07-09T12:15:10.147", + "lastModified": "2024-09-10T10:15:08.697", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server." + "value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) \r\ncommunication protocol in the affected products do not \r\nproperly handle certain unorganized RPC messages. An \r\nattacker could use this vulnerability to cause a denial of service \r\ncondition in the RPC server." }, { "lang": "es", 
diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48364.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48364.json
index d8c1eabf0d2..c4c38b92907 100644
--- a/CVE-2023/CVE-2023-483xx/CVE-2023-48364.json
+++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48364.json
@@ -2,13 +2,13 @@ "id": "CVE-2023-48364", "sourceIdentifier": "productcert@siemens.com", "published": "2024-02-13T09:15:45.980", - "lastModified": "2024-07-09T12:15:10.277", + "lastModified": "2024-09-10T10:15:08.833", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server." + "value": "A vulnerability has been identified in OpenPCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 15), SIMATIC WinCC V8.0 (All versions < V8.0 Update 4). The implementation of the RPC (Remote Procedure call) communication protocol in the affected products do not properly handle certain malformed RPC messages. An attacker could use this vulnerability to cause a denial of service condition in the RPC server." }, { "lang": "es", 
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json
new file mode 100644
index 00000000000..50f192a97d9
--- /dev/null
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2023-49069", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:08.947", + "lastModified": "2024-09-10T10:15:08.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.14.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.2 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.12 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.26 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.14.0, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.12 (todas las versiones anteriores a la V10.12.2, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.6 (todas las versiones anteriores a la V10.6.12, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V8 (todas las versiones solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico) y Mendix Runtime V9 (todas las versiones anteriores a la V9.24.26, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico). 
El mecanismo de autenticaci\u00f3n de las aplicaciones afectadas contiene una vulnerabilidad de discrepancia de respuesta observable al validar nombres de usuario. Esto podr\u00eda permitir que atacantes remotos no autenticados distingan entre nombres de usuario v\u00e1lidos e inv\u00e1lidos." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 
6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-204" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21483.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21483.json index 7f2162395c2..37ef9b19467 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21483.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21483.json 
@@ -2,13 +2,13 @@ "id": "CVE-2024-21483", "sourceIdentifier": "productcert@siemens.com", "published": "2024-03-12T11:15:48.217", - "lastModified": "2024-03-12T12:40:13.500", + "lastModified": "2024-09-10T10:15:09.173", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.\r\n\r\nAn attacker with physical access to the device could read out the data." + "value": "A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). 
The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.\r\n\r\nAn attacker with physical access to the device could read out the data." }, { "lang": "es", 
@@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], "cvssMetricV31": [ { "source": "productcert@siemens.com", diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json index 642938ab89e..6110f313274 100644 
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json @@ -2,13 +2,13 @@ "id": "CVE-2024-30321", "sourceIdentifier": "productcert@siemens.com", "published": "2024-07-09T12:15:11.707", - "lastModified": "2024-07-09T18:19:14.047", + "lastModified": "2024-09-10T10:15:09.340", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords." + "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-320xx/CVE-2024-32006.json b/CVE-2024/CVE-2024-320xx/CVE-2024-32006.json new file mode 100644 index 00000000000..676fdf7200a --- /dev/null +++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32006.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-32006", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:09.473", + "lastModified": "2024-09-10T10:15:09.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones anteriores a V3.2 SP2). La aplicaci\u00f3n afectada no hace que la sesi\u00f3n del usuario caduque al reiniciar sin cerrar sesi\u00f3n. Esto podr\u00eda permitir que un atacante eluda la autenticaci\u00f3n multifactor." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": 
"NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-336xx/CVE-2024-33698.json b/CVE-2024/CVE-2024-336xx/CVE-2024-33698.json new file mode 100644 index 00000000000..161ea538fa7 --- /dev/null +++ b/CVE-2024/CVE-2024-336xx/CVE-2024-33698.json 
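Review bot: The only `weaknesses` entry in the new CVE-2024-32006 record is typed `"type": "Secondary"`, whereas the other records added in this diff from the same `productcert@siemens.com` source (CVE-2024-33698, CVE-2024-35783, CVE-2024-37990, CVE-2024-37991) use `"type": "Primary"`. A consumer that selects only Primary weakness entries would get no CWE for this record and lose the CWE-613 session-expiration classification. I cannot tell from the diff whether the type is as delivered upstream. If it is, ingestion should fall back to Secondary entries whenever a record has no Primary one.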
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-33698", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:09.707", + "lastModified": "2024-09-10T10:15:09.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC Information Server 2022 (todas las versiones), SIMATIC Information Server 2024 (todas las versiones), SIMATIC PCS neo V4.0 (todas las versiones), SIMATIC PCS neo V4.1 (todas las versiones < V4.1 Update 2), SIMATIC PCS neo V5.0 (todas las versiones), SINEC NMS (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V16 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V17 (todas las versiones < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (todas las versiones), Totally Integrated Automation Portal (TIA Portal) V19 (todas las versiones). Los productos afectados contienen una vulnerabilidad de desbordamiento de b\u00fafer basada en mont\u00f3n en el componente UMC integrado. Esto podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + 
"privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35783.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35783.json new file mode 100644 index 00000000000..89436c468d8 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35783.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-35783", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:09.937", + "lastModified": "2024-09-10T10:15:09.937", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC BATCH V9.1 (todas las versiones), SIMATIC Information Server 2020 (todas las versiones), SIMATIC Information Server 2022 (todas las versiones), SIMATIC PCS 7 V9.1 (todas las versiones), SIMATIC Process Historian 2020 (todas las versiones), SIMATIC Process Historian 2022 (todas las versiones), SIMATIC WinCC Runtime Professional V18 (todas las versiones), SIMATIC WinCC Runtime Professional V19 (todas las versiones), SIMATIC WinCC V7.4 (todas las versiones), SIMATIC WinCC V7.5 (todas las versiones < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (todas las versiones < V8.0 Update 5). Los productos afectados ejecutan su servidor de base de datos con privilegios elevados, lo que podr\u00eda permitir que un atacante autenticado ejecute comandos arbitrarios del sistema operativo con privilegios administrativos." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + 
"privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37990.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37990.json new file mode 100644 index 00000000000..5e9f02b0066 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37990.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-37990", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:10.227", + "lastModified": "2024-09-10T10:15:10.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI 
(6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones < V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones < V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las 
versiones < V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones < V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones < V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones < V2.2). Las aplicaciones afectadas contienen archivos de configuraci\u00f3n que se pueden modificar. Un atacante con acceso privilegiado puede modificar estos archivos y habilitar funciones que no est\u00e1n disponibles para este dispositivo." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.0, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-912" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37991.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37991.json new file mode 100644 index 00000000000..23079f8749e --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37991.json 
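Review bot: The two metric blocks in the CVE-2024-37990 record land in different severity bands: `cvssMetricV40` carries `"baseScore": 7.0` with `"baseSeverity": "HIGH"`, while `cvssMetricV31` carries 6.5 with MEDIUM, both from the same source and both typed Secondary. Alerting or patch-deadline rules keyed on `baseSeverity` will classify this record differently depending on which block they read. The consumer should state its selection rule explicitly, for example prefer the v4.0 block when present and log when the bands disagree, rather than take whichever array is parsed first.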
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-37991", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:10.600", + "lastModified": "2024-09-10T10:15:10.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI 
(6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones < V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones < V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones < 
V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones < V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones < V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones < V2.2). Se puede acceder a los archivos de registro de servicio de la aplicaci\u00f3n afectada sin la autenticaci\u00f3n adecuada. Esto podr\u00eda permitir que un atacante no autenticado obtenga acceso a informaci\u00f3n confidencial." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37992.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37992.json new file mode 100644 index 00000000000..1b976cdbca5 --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37992.json 
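Review bot: The English description of CVE-2024-37991 says the service log files can be accessed "without proper authentication" by an unauthenticated attacker, but both vectors in the record encode high attack complexity and user interaction (`AC:H` and `UI:P` in v4.0, `AC:H` and `UI:R` in v3.1), and the text names neither precondition. Triage from the description alone would rate the exposure higher than the scores do, so read the record together with the referenced advisory (ssa-765405) before prioritising. The weakness is also filed under the broad `CWE-200`. CWE-306 may describe a missing-authentication cause more precisely, though that is an inference from the description.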
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-37992", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:10.837", + "lastModified": "2024-09-10T10:15:10.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI 
(6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones < V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones < V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones < V2.2), SIMATIC RF186C 
(6GT2002-0JE20) (Todas las versiones < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones < V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones < V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones < V2.2). Los dispositivos afectados no gestionan correctamente el error en caso de exceso de caracteres al configurar SNMP, lo que provoca el reinicio de la aplicaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": 
"NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-703" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37993.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37993.json new file mode 100644 index 00000000000..028fff5a4da --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37993.json 
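Review bot: The affected products and fixed versions in this new CVE-2024-37992 record exist only inside the free-text `descriptions` value. With `"vulnStatus": "Received"` the record has no `configurations` block, so tooling that matches assets by CPE will not yet link these SIMATIC readers to the CVE. The same applies to the other records added in this diff (CVE-2024-37993, CVE-2024-37994, CVE-2024-37995, CVE-2024-40754). Until analysis adds machine-readable matches, consumers have to work from the order numbers in the description or from the referenced advisory `ssa-765405`. Both metric entries are `"type": "Secondary"` values from the CNA, so the severity here is vendor-assessed.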
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-37993", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:11.090", + "lastModified": "2024-09-10T10:15:11.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI 
(6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones < V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones < V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las versiones < V2.2), SIMATIC 
RF186C (6GT2002-0JE20) (Todas las versiones < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones < V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones < V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones < V2.2). Las aplicaciones afectadas no autentican la creaci\u00f3n de instancias de Ajax2App. Esto podr\u00eda permitir que un atacante no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": 
"NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37994.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37994.json new file mode 100644 index 00000000000..5b3cf50167b --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37994.json 
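Review bot: The weakness mapping `"value": "CWE-284"` in CVE-2024-37993 is broader than what the description states, namely that the applications do not authenticate the creation of Ajax2App instances. A missing-authentication entry such as `"value": "CWE-306"` would match that wording more closely and would let weakness-based filters group this record with other unauthenticated-endpoint issues. This is a suggestion for the CNA data; the sync should keep the value as published and downstream triage should not rely on the CWE alone.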
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-37994", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:11.340", + "lastModified": "2024-09-10T10:15:11.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI 
(6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones < V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones < V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas las 
versiones < V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones < V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones < V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones < V2.2). La aplicaci\u00f3n afectada contiene un elemento de configuraci\u00f3n oculto para habilitar la funcionalidad de depuraci\u00f3n. Esto podr\u00eda permitir que un atacante obtenga informaci\u00f3n sobre la configuraci\u00f3n interna de la implementaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": 
"NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-912" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-379xx/CVE-2024-37995.json b/CVE-2024/CVE-2024-379xx/CVE-2024-37995.json new file mode 100644 index 00000000000..2b933bc2b9b --- /dev/null +++ b/CVE-2024/CVE-2024-379xx/CVE-2024-37995.json 
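Review bot: The description and the vectors in CVE-2024-37994 disagree on confidentiality. The text says an attacker can gain insight into the internal configuration of the deployment, while both vectors score `C:N/I:L/A:N` (`VC:N/VI:L/VA:N` in 4.0). CVE-2024-37995 has the same mismatch: its text ends with "could allow an attacker to disclose sensitive information", yet its vectors are `C:N/I:N/A:L`. A pipeline that prioritises on `"confidentialityImpact"` will therefore rank both records as having no data-exposure risk. Triage for these two should read the description and the advisory `ssa-765405` and not rely on the vector fields alone.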
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-37995", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:11.570", + "lastModified": "2024-09-10T10:15:11.570", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI 
(6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (Todas las versiones < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (Todas las versiones < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (Todas las versiones < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (Todas las versiones < V1.1), SIMATIC RF166C (6GT2002-0EE20) (Todas las versiones < V2.2), SIMATIC RF185C (6GT2002-0JE10) (Todas 
las versiones < V2.2), SIMATIC RF186C (6GT2002-0JE20) (Todas las versiones < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (Todas las versiones < V2.2), SIMATIC RF188C (6GT2002-0JE40) (Todas las versiones < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (Todas las versiones < V2.2), SIMATIC RF360R (6GT2801-5BA30) (Todas las versiones < V2.2). La aplicaci\u00f3n afectada maneja incorrectamente el error durante la carga de un certificado defectuoso, lo que provoca el bloqueo de la aplicaci\u00f3n. Esta vulnerabilidad podr\u00eda permitir a un atacante revelar informaci\u00f3n confidencial." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": 
"NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 2.1, + "baseSeverity": "LOW" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-703" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40754.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40754.json new file mode 100644 index 00000000000..2809bdff35f --- /dev/null +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40754.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-40754", + "sourceIdentifier": "PSIRT@samsung.com", + "published": "2024-09-10T11:15:10.503", + "lastModified": "2024-09-10T11:15:10.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + 
"valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "PSIRT@samsung.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Samsung/escargot/pull/1369", + "source": "PSIRT@samsung.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41170.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41170.json new file mode 100644 index 00000000000..d6d4b048c66 --- /dev/null +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41170.json 
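Review bot: CVE-2024-40754 carries only a `cvssMetricV40` entry and no `cvssMetricV31`, so consumers that read the 3.1 block for scoring will see this record as unscored and need a fallback to the 4.0 `"baseScore": 6.9`. The vector rates a heap-based buffer overflow (`"value": "CWE-122"`) as `VC:N/VI:N/VA:L`, which may understate impact for memory corruption in a JavaScript engine. Treat the score as a lower bound until the referenced pull request has been reviewed. The affected version appears only in the free text ("Escargot: 4.0.0"), and the missing space in "Overflow Buffers.This issue" can trip naive sentence splitting.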
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-41170", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:11.797", + "lastModified": "2024-09-10T10:15:11.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en Tecnomatix Plant Simulation V2302 (todas las versiones anteriores a V2302.0015) y Tecnomatix Plant Simulation V2404 (todas las versiones anteriores a V2404.0004). Las aplicaciones afectadas contienen una vulnerabilidad de desbordamiento de pila al analizar archivos SPP especialmente dise\u00f1ados. Esto podr\u00eda permitir que un atacante ejecute c\u00f3digo en el contexto del proceso actual." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + 
"privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-427715.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41171.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41171.json new file mode 100644 index 00000000000..9f069e572e2 --- /dev/null +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41171.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-41171", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:12.000", + "lastModified": "2024-09-10T10:15:12.000", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Affected devices do not properly enforce access restrictions to scripts that are regularly executed by the system with elevated privileges. This could allow an authenticated local attacker to escalate their privileges in the underlying system." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINUMERIK 828D V4 (todas las versiones), SINUMERIK 828D V5 (todas las versiones < V5.24), SINUMERIK 840D sl V4 (todas las versiones), SINUMERIK ONE (todas las versiones < V6.24). Los dispositivos afectados no aplican correctamente las restricciones de acceso a los scripts que el sistema ejecuta regularmente con privilegios elevados. Esto podr\u00eda permitir que un atacante local autenticado aumente sus privilegios en el sistema subyacente." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + 
"privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-342438.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42344.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42344.json new file mode 100644 index 00000000000..4753957c918 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42344.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-42344", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:12.213", + "lastModified": "2024-09-10T10:15:12.213", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones anteriores a V3.2 SP2). La aplicaci\u00f3n afectada inserta informaci\u00f3n confidencial en un archivo de registro que pueden leer todos los usuarios leg\u00edtimos del sistema subyacente. Esto podr\u00eda permitir que un atacante autenticado comprometa la confidencialidad de los datos de configuraci\u00f3n de otros usuarios." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + 
"privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42345.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42345.json new file mode 100644 index 00000000000..5f1a3aa204e --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42345.json 
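Review bot: The `cvssMetricV31` entry for CVE-2024-42344 scores an availability impact (`A:L`, `"availabilityImpact": "LOW"`) that the rest of the record does not support. The description speaks only of the confidentiality of other users' configuration data, and the v4.0 vector in the same hunk has `VA:N`. If the referenced advisory (ssa-417159) confirms a confidentiality-only impact, the v3.1 vector would end in `C:L/I:N/A:N` with `"availabilityImpact": "NONE"` and the scores recomputed; that correction belongs with the source CNA. Until then the two metrics describe different impacts, and tooling that compares or merges them should not assume they agree.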
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-42345", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:12.433", + "lastModified": "2024-09-10T10:15:12.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones anteriores a V3.2 SP2). La aplicaci\u00f3n afectada no gestiona correctamente el establecimiento y la invalidaci\u00f3n de sesiones de usuario. Esto podr\u00eda permitir que un atacante remoto eluda la autenticaci\u00f3n multifactor adicional para el establecimiento de sesiones de usuario." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + 
"privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-869574.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-436xx/CVE-2024-43647.json b/CVE-2024/CVE-2024-436xx/CVE-2024-43647.json new file mode 100644 index 00000000000..73b47b7af2d --- /dev/null +++ b/CVE-2024/CVE-2024-436xx/CVE-2024-43647.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-43647", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:12.650", + "lastModified": "2024-09-10T10:15:12.650", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices do not properly handle TCP packets with an incorrect structure. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the network cable of the device needs to be unplugged and re-plugged." 
+ }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (Todas las versiones), versiones), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (Todas las versiones), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (Todas las versiones), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (Todas las versiones). Los dispositivos afectados no manejan correctamente los paquetes TCP con una estructura incorrecta. Esto podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio. Para restablecer las operaciones normales, es necesario desconectar y volver a conectar el cable de red del dispositivo." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + 
"privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-969738.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-437xx/CVE-2024-43781.json b/CVE-2024/CVE-2024-437xx/CVE-2024-43781.json new file mode 100644 index 00000000000..79ef027d77d --- /dev/null +++ b/CVE-2024/CVE-2024-437xx/CVE-2024-43781.json 
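Review bot: The Spanish description of CVE-2024-43647 has a duplicated fragment after the SR40 (6ES7288-1SR40-0AA0) entry, `(Todas las versiones), versiones), SIMATIC`, which should read `(Todas las versiones), SIMATIC`; the English text is intact. Every listed model is marked `(All versions)`, so the record gives no fixed version to compare against and remediation status cannot be derived from a version check. Mitigation guidance presumably lives in the referenced advisory (ssa-969738); the record itself states only that recovery needs the network cable unplugged and re-plugged.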
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-43781", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:12.897", + "lastModified": "2024-09-10T10:15:12.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en SINUMERIK 828D V4 (todas las versiones < V4.95 SP3), SINUMERIK 840D sl V4 (todas las versiones < V4.95 SP3 en relaci\u00f3n con el uso de Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (todas las versiones < V6.23 en relaci\u00f3n con el uso de Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (todas las versiones < V6.15 SP4 en relaci\u00f3n con el uso de Create MyConfig (CMC) <= V6.6). Los sistemas afectados, que han sido equipados con Create MyConfig (CMC), contienen una vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro. Esto podr\u00eda permitir que un usuario autenticado local con privilegios bajos lea informaci\u00f3n confidencial y, de este modo, eluda las restricciones de acceso." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + 
"privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-097786.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-440xx/CVE-2024-44087.json b/CVE-2024/CVE-2024-440xx/CVE-2024-44087.json new file mode 100644 index 00000000000..ff04c91b469 --- /dev/null +++ b/CVE-2024/CVE-2024-440xx/CVE-2024-44087.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-44087", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:13.140", + "lastModified": "2024-09-10T10:15:13.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en Automation License Manager V5 (todas las versiones), Automation License Manager V6.0 (todas las versiones), Automation License Manager V6.2 (todas las versiones < V6.2 Upd3). Las aplicaciones afectadas no validan correctamente ciertos campos en los paquetes de red entrantes en el puerto 4410/tcp. Esto podr\u00eda permitir que un atacante remoto no autenticado provoque un desbordamiento de enteros y el bloqueo de la aplicaci\u00f3n. Esta condici\u00f3n de denegaci\u00f3n de servicio podr\u00eda impedir que los usuarios leg\u00edtimos utilicen productos posteriores que dependan de la aplicaci\u00f3n afectada para la verificaci\u00f3n de la licencia." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.2, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + 
"privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-103653.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45032.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45032.json new file mode 100644 index 00000000000..a9713211148 --- /dev/null +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45032.json 
@@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-45032", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-09-10T10:15:13.407", + "lastModified": "2024-09-10T10:15:13.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad en Industrial Edge Management Pro (todas las versiones anteriores a la V1.9.5) e Industrial Edge Management Virtual (todas las versiones anteriores a la V2.3.1-1). Los componentes afectados no validan correctamente los tokens de los dispositivos. Esto podr\u00eda permitir que un atacante remoto no autenticado se haga pasar por otros dispositivos incorporados al sistema." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + 
"privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-359713.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45625.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45625.json index a9008c38a8d..d1274d109fa 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45625.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45625.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45625", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-09T05:15:01.827", - "lastModified": "2024-09-09T13:03:38.303", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-10T11:19:40.113", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,88 @@ "value": "Existe una vulnerabilidad de cross site scripting en las versiones de Forminator anteriores a la 1.34.1. Si se aprovecha esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario que siga una URL creada y acceda a la p\u00e1gina web con el formulario web creado por Forminator." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.34.1", + "matchCriteriaId": "8E8BE6AB-1155-4FD3-AD4B-D87C1A347C71" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN65724976/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?new=3135507%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js&old=3111152%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/plugins/forminator/", - "source": "vultures@jpcert.or.jp" + "source": 
"vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://wpmudev.com/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45845.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45845.json new file mode 100644 index 00000000000..25fdab6e04a --- /dev/null +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45845.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-45845", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-09-10T11:15:10.660", + "lastModified": "2024-09-10T11:15:10.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/NixOS/nix/tags", + "source": "cve@mitre.org" + }, + { + "url": "https://news.ycombinator.com/item?id=41492994", + "source": "cve@mitre.org" + }, + { + "url": "https://puckipedia.com/7hkj-98sq/qixt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-77xx/CVE-2024-7770.json b/CVE-2024/CVE-2024-77xx/CVE-2024-7770.json new file mode 100644 index 00000000000..70b9e6d0f24 --- /dev/null +++ b/CVE-2024/CVE-2024-77xx/CVE-2024-7770.json 
@@ -0,0 +1,76 @@ +{ + "id": "CVE-2024-7770", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-09-10T11:15:10.780", + "lastModified": "2024-09-10T11:15:10.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/backend/app/Http/Controllers/FileManagerController.php#L26", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinder.class.php#L1210", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinder.class.php#L3257", + "source": 
"security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/file-manager/trunk/libs/elFinder/php/elFinderConnector.class.php#L160", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3138710/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9cae7702-e531-45b9-9131-42edbc073a07?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8241.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8241.json new file mode 100644 index 00000000000..1bc7a5ef382 --- /dev/null +++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8241.json 
@@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-8241", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-09-10T10:15:13.653", + "lastModified": "2024-09-10T10:15:13.653", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Nova Blocks de Pixelgrade para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del atributo 'align' del bloque de Gutenberg 'wp:separator' en todas las versiones hasta la 2.1.7 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/pixelgrade/nova-blocks/commit/655b5b804306c3ca3a59707cc2f12098e193b4ca", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3148752/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/nova-blocks/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3011befd-c0c6-4800-a370-e592c3ec483f?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8543.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8543.json new file mode 100644 index 00000000000..f06b16764be --- /dev/null +++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8543.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8543", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-09-10T10:15:13.887", + "lastModified": "2024-09-10T10:15:13.887", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Slider comparison image before and after para WordPress es vulnerable a la ejecuci\u00f3n de Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado [sciba] del complemento en todas las versiones hasta la 0.8.3 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/slider-comparison-image-before-and-after/trunk/sciba.php#L39", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14ab5d7c-ab46-4a53-b0d2-8b331e204cf3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8645.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8645.json new file mode 100644 index 00000000000..bdd34946d9c --- /dev/null +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8645.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-8645", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-09-10T10:15:14.113", + "lastModified": "2024-09-10T10:15:14.113", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file" + }, + { + "lang": "es", + "value": "La falla del disector SPRT en Wireshark 4.2.0 a 4.0.5 y 4.0.0 a 4.0.15 permite la denegaci\u00f3n de servicio a trav\u00e9s de la inyecci\u00f3n de paquetes o un archivo de captura creado" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-824" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/wireshark/wireshark/-/issues/19559", + "source": "cve@gitlab.com" + }, + { + "url": "https://www.wireshark.org/security/wnpa-sec-2024-10.html", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d62c11898a4..0667e35ab80 100644 --- a/README.md +++ b/README.md 
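Review bot: The affected-version text in the added English `descriptions` value for CVE-2024-8645 reads `4.2.0 to 4.0.5`, a range whose upper bound is below its lower bound, so the first range cannot be taken literally; the Spanish entry repeats it. This is probably a typo for a 4.2.x upper bound, but nothing in the record confirms that. The record is still `Received` and carries no `configurations` block, so there is no CPE range to fall back on, and anyone matching installed Wireshark versions should take the ranges from the referenced `wnpa-sec-2024-10` advisory rather than parse this string. The text originates with the CNA (`cve@gitlab.com`), so the correction belongs upstream, not in this mirror.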
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-10T10:00:18.590134+00:00 +2024-09-10T12:00:20.451537+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-10T09:15:07.497000+00:00 +2024-09-10T11:19:40.113000+00:00 ``` ### Last Data Feed Release 
@@ -33,48 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -262304 +262332 ``` ### CVEs added in the last Commit -Recently added CVEs: `24` +Recently added CVEs: `28` -- [CVE-2024-39574](CVE-2024/CVE-2024-395xx/CVE-2024-39574.json) (`2024-09-10T09:15:02.290`) -- [CVE-2024-39580](CVE-2024/CVE-2024-395xx/CVE-2024-39580.json) (`2024-09-10T09:15:02.740`) -- [CVE-2024-39581](CVE-2024/CVE-2024-395xx/CVE-2024-39581.json) (`2024-09-10T09:15:02.993`) -- [CVE-2024-39582](CVE-2024/CVE-2024-395xx/CVE-2024-39582.json) (`2024-09-10T09:15:03.243`) -- [CVE-2024-39583](CVE-2024/CVE-2024-395xx/CVE-2024-39583.json) (`2024-09-10T09:15:03.513`) -- [CVE-2024-42424](CVE-2024/CVE-2024-424xx/CVE-2024-42424.json) (`2024-09-10T08:15:02.487`) -- [CVE-2024-42425](CVE-2024/CVE-2024-424xx/CVE-2024-42425.json) (`2024-09-10T09:15:03.777`) -- [CVE-2024-42427](CVE-2024/CVE-2024-424xx/CVE-2024-42427.json) (`2024-09-10T08:15:02.760`) -- [CVE-2024-43385](CVE-2024/CVE-2024-433xx/CVE-2024-43385.json) (`2024-09-10T09:15:04.150`) -- [CVE-2024-43386](CVE-2024/CVE-2024-433xx/CVE-2024-43386.json) (`2024-09-10T09:15:04.400`) -- [CVE-2024-43387](CVE-2024/CVE-2024-433xx/CVE-2024-43387.json) (`2024-09-10T09:15:04.690`) -- [CVE-2024-43388](CVE-2024/CVE-2024-433xx/CVE-2024-43388.json) (`2024-09-10T09:15:04.953`) -- [CVE-2024-43389](CVE-2024/CVE-2024-433xx/CVE-2024-43389.json) (`2024-09-10T09:15:05.220`) -- [CVE-2024-43390](CVE-2024/CVE-2024-433xx/CVE-2024-43390.json) (`2024-09-10T09:15:05.537`) -- [CVE-2024-43391](CVE-2024/CVE-2024-433xx/CVE-2024-43391.json) (`2024-09-10T09:15:05.760`) -- [CVE-2024-43392](CVE-2024/CVE-2024-433xx/CVE-2024-43392.json) (`2024-09-10T09:15:06.100`) -- [CVE-2024-43393](CVE-2024/CVE-2024-433xx/CVE-2024-43393.json) (`2024-09-10T09:15:06.367`) -- [CVE-2024-6596](CVE-2024/CVE-2024-65xx/CVE-2024-6596.json) (`2024-09-10T08:15:03.350`) -- [CVE-2024-7618](CVE-2024/CVE-2024-76xx/CVE-2024-7618.json) 
(`2024-09-10T08:15:03.620`) -- [CVE-2024-7655](CVE-2024/CVE-2024-76xx/CVE-2024-7655.json) (`2024-09-10T08:15:03.830`) -- [CVE-2024-7698](CVE-2024/CVE-2024-76xx/CVE-2024-7698.json) (`2024-09-10T09:15:06.847`) -- [CVE-2024-7699](CVE-2024/CVE-2024-76xx/CVE-2024-7699.json) (`2024-09-10T09:15:07.180`) -- [CVE-2024-7734](CVE-2024/CVE-2024-77xx/CVE-2024-7734.json) (`2024-09-10T08:15:04.020`) -- [CVE-2024-8258](CVE-2024/CVE-2024-82xx/CVE-2024-8258.json) (`2024-09-10T09:15:07.497`) +- [CVE-2023-30756](CVE-2023/CVE-2023-307xx/CVE-2023-30756.json) (`2024-09-10T10:15:06.197`) +- [CVE-2023-49069](CVE-2023/CVE-2023-490xx/CVE-2023-49069.json) (`2024-09-10T10:15:08.947`) +- [CVE-2024-32006](CVE-2024/CVE-2024-320xx/CVE-2024-32006.json) (`2024-09-10T10:15:09.473`) +- [CVE-2024-33698](CVE-2024/CVE-2024-336xx/CVE-2024-33698.json) (`2024-09-10T10:15:09.707`) +- [CVE-2024-35783](CVE-2024/CVE-2024-357xx/CVE-2024-35783.json) (`2024-09-10T10:15:09.937`) +- [CVE-2024-37990](CVE-2024/CVE-2024-379xx/CVE-2024-37990.json) (`2024-09-10T10:15:10.227`) +- [CVE-2024-37991](CVE-2024/CVE-2024-379xx/CVE-2024-37991.json) (`2024-09-10T10:15:10.600`) +- [CVE-2024-37992](CVE-2024/CVE-2024-379xx/CVE-2024-37992.json) (`2024-09-10T10:15:10.837`) +- [CVE-2024-37993](CVE-2024/CVE-2024-379xx/CVE-2024-37993.json) (`2024-09-10T10:15:11.090`) +- [CVE-2024-37994](CVE-2024/CVE-2024-379xx/CVE-2024-37994.json) (`2024-09-10T10:15:11.340`) +- [CVE-2024-37995](CVE-2024/CVE-2024-379xx/CVE-2024-37995.json) (`2024-09-10T10:15:11.570`) +- [CVE-2024-40754](CVE-2024/CVE-2024-407xx/CVE-2024-40754.json) (`2024-09-10T11:15:10.503`) +- [CVE-2024-41170](CVE-2024/CVE-2024-411xx/CVE-2024-41170.json) (`2024-09-10T10:15:11.797`) +- [CVE-2024-41171](CVE-2024/CVE-2024-411xx/CVE-2024-41171.json) (`2024-09-10T10:15:12.000`) +- [CVE-2024-42344](CVE-2024/CVE-2024-423xx/CVE-2024-42344.json) (`2024-09-10T10:15:12.213`) +- [CVE-2024-42345](CVE-2024/CVE-2024-423xx/CVE-2024-42345.json) (`2024-09-10T10:15:12.433`) +- 
[CVE-2024-43647](CVE-2024/CVE-2024-436xx/CVE-2024-43647.json) (`2024-09-10T10:15:12.650`) +- [CVE-2024-43781](CVE-2024/CVE-2024-437xx/CVE-2024-43781.json) (`2024-09-10T10:15:12.897`) +- [CVE-2024-44087](CVE-2024/CVE-2024-440xx/CVE-2024-44087.json) (`2024-09-10T10:15:13.140`) +- [CVE-2024-45032](CVE-2024/CVE-2024-450xx/CVE-2024-45032.json) (`2024-09-10T10:15:13.407`) +- [CVE-2024-45845](CVE-2024/CVE-2024-458xx/CVE-2024-45845.json) (`2024-09-10T11:15:10.660`) +- [CVE-2024-7770](CVE-2024/CVE-2024-77xx/CVE-2024-7770.json) (`2024-09-10T11:15:10.780`) +- [CVE-2024-8241](CVE-2024/CVE-2024-82xx/CVE-2024-8241.json) (`2024-09-10T10:15:13.653`) +- [CVE-2024-8543](CVE-2024/CVE-2024-85xx/CVE-2024-8543.json) (`2024-09-10T10:15:13.887`) +- [CVE-2024-8645](CVE-2024/CVE-2024-86xx/CVE-2024-8645.json) (`2024-09-10T10:15:14.113`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `27` -- [CVE-2023-26310](CVE-2023/CVE-2023-263xx/CVE-2023-26310.json) (`2024-09-10T08:15:01.923`) -- [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-09-10T08:15:02.147`) -- [CVE-2024-39463](CVE-2024/CVE-2024-394xx/CVE-2024-39463.json) (`2024-09-10T08:15:02.380`) -- [CVE-2024-43898](CVE-2024/CVE-2024-438xx/CVE-2024-43898.json) (`2024-09-10T08:15:02.960`) -- [CVE-2024-44944](CVE-2024/CVE-2024-449xx/CVE-2024-44944.json) (`2024-09-10T08:15:03.230`) +- [CVE-2019-10923](CVE-2019/CVE-2019-109xx/CVE-2019-10923.json) (`2024-09-10T10:15:03.397`) +- [CVE-2020-25236](CVE-2020/CVE-2020-252xx/CVE-2020-25236.json) (`2024-09-10T10:15:03.727`) +- [CVE-2022-36361](CVE-2022/CVE-2022-363xx/CVE-2022-36361.json) (`2024-09-10T10:15:03.930`) +- [CVE-2022-36362](CVE-2022/CVE-2022-363xx/CVE-2022-36362.json) (`2024-09-10T10:15:04.130`) +- [CVE-2022-36363](CVE-2022/CVE-2022-363xx/CVE-2022-36363.json) (`2024-09-10T10:15:04.293`) +- [CVE-2022-42784](CVE-2022/CVE-2022-427xx/CVE-2022-42784.json) (`2024-09-10T10:15:04.440`) +- 
[CVE-2022-43716](CVE-2022/CVE-2022-437xx/CVE-2022-43716.json) (`2024-09-10T10:15:04.627`) +- [CVE-2022-43767](CVE-2022/CVE-2022-437xx/CVE-2022-43767.json) (`2024-09-10T10:15:04.850`) +- [CVE-2022-43768](CVE-2022/CVE-2022-437xx/CVE-2022-43768.json) (`2024-09-10T10:15:05.020`) +- [CVE-2022-46144](CVE-2022/CVE-2022-461xx/CVE-2022-46144.json) (`2024-09-10T10:15:05.170`) +- [CVE-2023-44317](CVE-2023/CVE-2023-443xx/CVE-2023-44317.json) (`2024-09-10T10:15:06.443`) +- [CVE-2023-44319](CVE-2023/CVE-2023-443xx/CVE-2023-44319.json) (`2024-09-10T10:15:07.013`) +- [CVE-2023-44373](CVE-2023/CVE-2023-443xx/CVE-2023-44373.json) (`2024-09-10T10:15:07.217`) +- [CVE-2023-44374](CVE-2023/CVE-2023-443xx/CVE-2023-44374.json) (`2024-09-10T10:15:07.467`) +- [CVE-2023-46280](CVE-2023/CVE-2023-462xx/CVE-2023-46280.json) (`2024-09-10T10:15:07.977`) +- [CVE-2023-46281](CVE-2023/CVE-2023-462xx/CVE-2023-46281.json) (`2024-09-10T10:15:08.120`) +- [CVE-2023-46282](CVE-2023/CVE-2023-462xx/CVE-2023-46282.json) (`2024-09-10T10:15:08.240`) +- [CVE-2023-46283](CVE-2023/CVE-2023-462xx/CVE-2023-46283.json) (`2024-09-10T10:15:08.353`) +- [CVE-2023-46284](CVE-2023/CVE-2023-462xx/CVE-2023-46284.json) (`2024-09-10T10:15:08.467`) +- [CVE-2023-46285](CVE-2023/CVE-2023-462xx/CVE-2023-46285.json) (`2024-09-10T10:15:08.577`) +- [CVE-2023-48363](CVE-2023/CVE-2023-483xx/CVE-2023-48363.json) (`2024-09-10T10:15:08.697`) +- [CVE-2023-48364](CVE-2023/CVE-2023-483xx/CVE-2023-48364.json) (`2024-09-10T10:15:08.833`) +- [CVE-2024-21483](CVE-2024/CVE-2024-214xx/CVE-2024-21483.json) (`2024-09-10T10:15:09.173`) +- [CVE-2024-30321](CVE-2024/CVE-2024-303xx/CVE-2024-30321.json) (`2024-09-10T10:15:09.340`) +- [CVE-2024-45625](CVE-2024/CVE-2024-456xx/CVE-2024-45625.json) (`2024-09-10T11:19:40.113`) ## Download and Usage diff --git a/_state.csv b/_state.csv index bee0da5c829..a71139d278a 100644 --- a/_state.csv +++ b/_state.csv 
@@ -103135,8 +103135,8 @@ CVE-2017-2676,0,0,050be941dea9bfc7ed82777b33c51dc90b7674a6df5d1bf3290efd22aea9f5 CVE-2017-2677,0,0,351f62095b73014426f7852781699c583c2157de11fef699dba2f8bd57b9cef1,2023-11-07T02:43:55.580000 CVE-2017-2678,0,0,25468c73a1ef476e7ec5eefc56aa86a9d9a4290a481b5750b6fecaafa6325e7b,2023-11-07T02:43:55.963000 CVE-2017-2679,0,0,3bc747166047b6b41a64c4bb9c9ea16c230c7633dc072e7859c3907327a13776,2023-11-07T02:43:56.347000 -CVE-2017-2680,0,0,0682df14f44200f75bac33749eb483588a77ef0ae2ec19193912b9d4dfe210dd,2024-07-09T12:15:03.820000 -CVE-2017-2681,0,0,d2bbec5ce9d2598e154be6df533e5bbafb445676b66da8daf1c45e9efe897036,2024-07-09T12:15:04.280000 +CVE-2017-2680,0,1,719855314b28e78c0d9037a18e165bc848b8f372391d7e74cd0facbe5e2b8d1e,2024-09-10T10:15:02.153000 +CVE-2017-2681,0,1,1901181c7415ca5f2aed5c855d6c09aa036699e7f40d0d3a3b8d4ccb8f97ace4,2024-09-10T10:15:03.063000 CVE-2017-2682,0,0,07882bed21afd3c95d840c1791fa8ef120062812c12b77cc3d656f87ecadbd37,2017-07-17T13:18:24.877000 CVE-2017-2683,0,0,e57f8837717eb1418a768c2837641c9586bc172f0fb5a900f91630078424f906,2017-07-17T13:18:24.953000 CVE-2017-2684,0,0,d0876fb19e045ef6f39e2a04d713318e1c5cfa6b7905297e8e4ec80098e01056,2019-10-09T23:27:06.587000 
@@ -129117,7 +129117,7 @@ CVE-2019-1092,0,0,6edb368d7f1a133c357dc70cde06474a352b5a719bd19060da9f2c4d6794b5 CVE-2019-10920,0,0,0652c8aaa04834ad830a596d1e7034dba9881c29f8e82b96fadb4c3743781175,2022-01-04T18:10:56.570000 CVE-2019-10921,0,0,dd3098d492ef3bc1d945c7fdac73fbc4522f3748d43a73d61897d8406747508e,2022-01-04T18:11:04.483000 CVE-2019-10922,0,0,6f88d3c4e3178efc2ce9df09b081c1da3e844bfccc672ec6c2497aee407c738a,2020-10-02T14:36:36.303000 -CVE-2019-10923,0,0,76d2d0a7732282c2c6f1b19fb62daf6f103a361d4f2cd16a8bd2229d32f49d38,2023-05-09T13:15:12.763000 +CVE-2019-10923,0,1,befae9f235d8e22197f3e3c07df3dc88d6f82462edd710c84ca6613c9b00d415,2024-09-10T10:15:03.397000 CVE-2019-10924,0,0,8c5b5296830ab3e2c2fc0aed4100a1af81565980a6d25582c80dd493d8ba2eef,2022-01-04T18:11:08.360000 CVE-2019-10925,0,0,ef90084b53084393dd289d8894a210d60c41ca19bf6d724c0c0a88864719385a,2021-03-15T18:15:15.393000 CVE-2019-10926,0,0,7eeb4a9a10d2bb7498e0c7046f95b90ad41dab587d6ff60276d9242e56932738,2021-03-15T18:15:15.503000 @@ -154599,7 +154599,7 @@ CVE-2020-25232,0,0,86034af8f52d27050807a8d8a62ce6a7006d288bd57ffe2275e1bab49387c CVE-2020-25233,0,0,a2df778e73cfedc1daa768685161ee1134fe6effd620190249ad25490db60078,2020-12-16T17:40:18.947000 CVE-2020-25234,0,0,a1ee01a28c60e4b1c4530b4e9bbd4c87d950d89f78e70c91a2ff3f4fc6869d7e,2020-12-16T15:48:06.450000 CVE-2020-25235,0,0,23fda00ca555b44cb1ba88a1e53a66d38d7b7dcfa75b9b058886462d74a68c45,2020-12-16T15:38:08.537000 -CVE-2020-25236,0,0,0680d6db4ed7bb8409ae75645eed92076fdc4c3b00c7ca6655f89f56c49ac29c,2023-12-12T12:15:07.960000 +CVE-2020-25236,0,1,e41a5d0b27544b654c210327520512a854c83d3f9245f7940ae91f8bd766c52d,2024-09-10T10:15:03.727000 CVE-2020-25237,0,0,bd1174551d3bac8743ce241a0ddf90481c91f59a35e01a3207735fa06439d7c2,2021-03-10T12:52:29.993000 CVE-2020-25238,0,0,27530508ed6a447eedfb9642292068b1cde0cf09f43e66c8440e5adda7afc3a1,2022-10-21T18:21:51.103000 CVE-2020-25239,0,0,53df4326b5619d106649d5cd50e8bdeac62d3fd91dc0cbf99dcd430f16fe481a,2021-03-18T18:28:29.047000 
@@ -203223,9 +203223,9 @@ CVE-2022-36358,0,0,d8ab954732651093cb3ddf83b9d4f42bd676d689c1b0a8e7f12efc730d47f CVE-2022-36359,0,0,cb59ce0a1c10a8b366e24bb22c2634854382cda0af52bd35f65d6f2a075f85f5,2023-11-07T03:49:36.670000 CVE-2022-3636,0,0,75def10d60d16bfb23d7c718385ffde793518980bc9e421807aeed368708b292,2023-11-07T03:51:33.507000 CVE-2022-36360,0,0,3a982649b709c80e5c0ecf462b67c3cb8e32cf61f278c7330a7537ab517de962,2023-07-21T20:06:03.153000 -CVE-2022-36361,0,0,fe71c074feb6d7f07bda80794679a9240445cc9448c17959a6672a34bcebffc1,2023-12-12T12:15:09.510000 -CVE-2022-36362,0,0,24b63e6b795cd497e518ddd1eba3591eec89da60ede18812fde4a33a8a5e6d04,2023-12-12T12:15:09.630000 -CVE-2022-36363,0,0,6f7780d8f676b64b5c3a8d709207fd8d5b561ca71013578893ea2c11134327cf,2023-12-12T12:15:09.740000 +CVE-2022-36361,0,1,30db183bf570f4df7aa5f3f073a7a9c3769da15bca80894dfc43ffc7b13bcbf7,2024-09-10T10:15:03.930000 +CVE-2022-36362,0,1,1103eb4bc71fc4be90ea02d583825c3b3ae2dcc74c56c41563d9536a9fd87449,2024-09-10T10:15:04.130000 +CVE-2022-36363,0,1,a78b894b4055654277f23131fc9f3afeaa75366b708d5e010f43fef96049bff0,2024-09-10T10:15:04.293000 CVE-2022-36364,0,0,738cd4acef905c428d04eb94247dcf9d6abd767f5a3dcc49e386ec9b30cce505,2022-08-03T19:36:48.113000 CVE-2022-36365,0,0,b808a7363f78b14f06a56cc19ea136df22e3d54cb59b56676f130ce4a39e706a,2022-09-23T16:53:26.720000 CVE-2022-36367,0,0,eca17243390812d2915ec3ee525429ffb7a0d8f8b9dcdce68305eeb460fbb632,2022-11-17T14:43:38.567000 
@@ -208105,7 +208105,7 @@ CVE-2022-42780,0,0,53eb703be38376e44aaeb153f94985d6f1a6510ad3a96114dc31d6afcc9fd CVE-2022-42781,0,0,c04425e12ff546c681a8c65a496c4e635548e9e2fa1f90bbe6cd89b94933deec,2023-11-07T03:53:34.130000 CVE-2022-42782,0,0,7a98176714758091a77b2a02b83aa6b4e0c1cefdd4c694246854a9a3ab6f2037,2023-11-07T03:53:34.357000 CVE-2022-42783,0,0,ca0f3dd087b43778e9def7835111245fe125e662e934c5215939041d08f4a519,2023-02-22T16:01:51.523000 -CVE-2022-42784,0,0,257372732c905188945972d5a8b3abc6c12f2650eecb32d258d86505168ea4b2,2023-12-18T14:51:14.167000 +CVE-2022-42784,0,1,33a28cf7967e0d02fee0ece1ef112b3b9e5f2ccf8904b0e977dda615e513346c,2024-09-10T10:15:04.440000 CVE-2022-42785,0,0,a26dbab9ede7e28da7bbed0a0f10438f9a5f0b3516204e4871ea26a05da3813d,2022-11-21T16:20:44.763000 CVE-2022-42786,0,0,b5ff77f8c778764805711c20d80022bcf716bdc88b3cc1eb0a2765a4d96bd2c2,2023-01-20T14:53:21.557000 CVE-2022-42787,0,0,a585356117b67087487774a0a1f58b0992cdcb84af9e666ffd6499f748413724,2022-12-02T22:48:52.793000 @@ -208875,7 +208875,7 @@ CVE-2022-43710,0,0,8252021b200bf69a0879f2153da2a55121d0a089867a62fedaecf3856e956 CVE-2022-43711,0,0,75fdb24330479eec6752c493ca1c0dcce71aeb60bb9f4a3ec519941a11409ccf,2023-08-04T15:37:18.857000 CVE-2022-43712,0,0,1f3633e27afb31c08675af9ad75e88d9090a100378c1dd0bb148e9db326b39a8,2023-08-04T19:39:49.167000 CVE-2022-43713,0,0,3b09413887004099df215f7892a533fc48188411143c782898fe9f5c50a6c722,2023-08-04T15:49:03.637000 -CVE-2022-43716,0,0,194aefc3ba614e0eada7a8943ed6e6362818adfd7b305b82cd5fa89323b290a9,2024-06-11T09:15:11.587000 +CVE-2022-43716,0,1,bfbdcdd5188bd491bf22c9469dee5c2bb33e93ce8bec29584e0419dcaf894f74,2024-09-10T10:15:04.627000 CVE-2022-43717,0,0,29a13eb1c3f929491bd4890a5cb91a25d48a2fac30e9970c5e3fca2bfdb8dc2a,2023-11-07T03:54:02.080000 CVE-2022-43718,0,0,51b91014b37759fc7d6f30b773c9245370da36aee436ce0fdb04abfef0b7be6d,2023-11-07T03:54:02.147000 CVE-2022-43719,0,0,9da90bb4a2392e204bd77bf5d850869c967f8868f874775c7eb15f6046044bbe,2023-11-07T03:54:02.217000 
@@ -208910,8 +208910,8 @@ CVE-2022-43763,0,0,5a89e9f45eca27bce0aa45ce577a620669ed5e3ebab8b84f8dcf7a19ae004 CVE-2022-43764,0,0,716b8b424507a69b00e70c4405a7965a2425612c9c2407ffa58e57b9f6aff0c4,2023-11-07T03:54:03.047000 CVE-2022-43765,0,0,44ee1e3446597470fdbd000b472754c793e58c2bd9cb62ee518505ee0e553772,2023-11-07T03:54:03.167000 CVE-2022-43766,0,0,7252af6f9dfbacf46c1176ccbcb8e24bb25544d5bd255322669bae6a2f5c9dc8,2022-10-28T17:43:04.957000 -CVE-2022-43767,0,0,bf9a755499df7bda22423a64066b3810646672b3b1ac450108310bcc7acf3d71,2024-06-11T09:15:11.907000 -CVE-2022-43768,0,0,b65afcf4e337a313fa2368e5f699d022fc8e0570a887e8d4f7cb589f99280eda,2024-06-11T09:15:12.230000 +CVE-2022-43767,0,1,f89060ed3e2366e8a6cf037030edd43c9251c3afc7ec90ad6a32c92ab3e75370,2024-09-10T10:15:04.850000 +CVE-2022-43768,0,1,edf5407d74d6f667a1bf44cc04eaff97fb1e3cd8f57f4513fb3a96858688e127,2024-09-10T10:15:05.020000 CVE-2022-43769,0,0,6193bf39ab361d0d09d7541bb9113ad8e91c1d98e87b991062831326c40ac0d3,2023-05-11T18:15:10.847000 CVE-2022-4377,0,0,890e2040f72a4793bbfca8d95172ab2b0885f1d3967676a282f264523ced7af8,2023-11-07T03:57:41.830000 CVE-2022-43770,0,0,144b5857412284c6bb62958984410e66a6e2a0698a54d1121d842982e14b87cb,2023-04-20T19:47:28.430000 
@@ -210444,7 +210444,7 @@ CVE-2022-46140,0,0,0712d38e67b0ea79032215b4bf74ff40ac887fbb82d84f667826d6e174499 CVE-2022-46141,0,0,7e8b1bd776ac3ead1331d8517aad43a677ddf61c6250b76e8d2fe91ca8d647d2,2023-12-15T15:25:08.557000 CVE-2022-46142,0,0,20adf9da98863cb88194bbb7f513fc1ee61c018019bc165f3c2b2a49e9c660b3,2023-03-14T10:15:24.137000 CVE-2022-46143,0,0,b2840c246c8f5cf8b044875496df1888552d6b323ee32c20f66a96f8ea7c1783,2024-08-13T08:15:05.483000 -CVE-2022-46144,0,0,9f4d0a1d99f33ccf042d56c5770f1a63b93ead0d06152f6e232560517cd2ac5f,2024-06-11T09:15:12.590000 +CVE-2022-46144,0,1,f0cb206abfd1713c9d15874f8a187c90bf91ee61d36d8855b4d787172a597b98,2024-09-10T10:15:05.170000 CVE-2022-46145,0,0,6bbab686c5e58e3eba776c5bf03bc3a160f730f487ff34eb9da030dbc8db223a,2023-06-23T17:54:04.830000 CVE-2022-46146,0,0,7165ae3c480087b46becbb3e46119b1ead04bccea1432ff5ddbe81728aa47431,2024-01-12T12:15:45.110000 CVE-2022-46147,0,0,56f24172f7c3cf20b7a142bf8790b5e83ee4e62a116dd5e78d372e9ff400d70c,2022-12-01T23:07:20.930000 @@ -219706,7 +219706,7 @@ CVE-2023-26302,0,0,9a411354ae785ac90c36e058d2706fcf6cec1b10c12fed5812806e7295361 CVE-2023-26303,0,0,ce47480aa075712e3659ab1c5924fc205dec74cc6828501a996bc50bb5d49cde,2023-11-07T04:09:33.770000 CVE-2023-26309,0,0,51a32b329b4801b32eae26ca15a2553be487b677f14eb5b727a941ec0f24a709,2023-08-15T19:13:03.507000 CVE-2023-2631,0,0,4bd445bd2bec8da6a2695046ad2eabb2eb9ea9d2f819ee1d12353b574204d941,2023-05-25T16:11:45.930000 -CVE-2023-26310,0,1,8caef82d89ac2db356eefe478a7bd65a3188f13eb8463cf0512126cb835b0eb9,2024-09-10T08:15:01.923000 +CVE-2023-26310,0,0,8caef82d89ac2db356eefe478a7bd65a3188f13eb8463cf0512126cb835b0eb9,2024-09-10T08:15:01.923000 CVE-2023-26311,0,0,a53302d4b1bc0fe51715261bd00ff42e22fc0ce6f61dd99c4e9bea1fdf7a9e70,2023-08-15T18:59:47.580000 CVE-2023-26314,0,0,6effb9b6980e0bc6f3ed2f4a9c1dd25114a29ad0ef15b8bc6dd364afeaa586ec,2023-03-02T20:03:30.170000 CVE-2023-26315,0,0,7e3ab4d47f5232ab5703d804bcec5bfd7f9220cde67501bbc57773ca3ee6bedd,2024-09-06T22:25:54.637000 
@@ -221780,6 +221780,7 @@ CVE-2023-28821,0,0,4b09838e4d4a8a2917bcf5cdf5f612433b074dcb7548d0d3a766e80a60b71 CVE-2023-28823,0,0,87894b474b71bc3e46b9c394031dd0006588b5abb19d7f1ecdad5a5928c0beff,2023-11-07T04:10:54.510000 CVE-2023-28824,0,0,6217e10c10df3a710e40602c4b5f6e2e19457c4fb3b380905849d51ad7a71391,2023-06-08T13:47:32.470000 CVE-2023-28826,0,0,72ba642b7be16a1b258eb748f3c254740948996853f940079d44c2390c589230,2024-03-13T23:15:45.693000 +CVE-2023-28827,1,1,c86c31b3646c9aaadfb8337ea7c102d5ef12babec1e9c55c013b42596628f90b,2024-09-10T10:15:05.347000 CVE-2023-28828,0,0,7c01788f5690e47da77e68839cb118243068e2077bb180cffc0de77a5125e0bc,2023-05-09T13:15:17.273000 CVE-2023-28829,0,0,4b5cff9cda965725817b3e2e0f35976766e508ef08936a9897600a6795af5299,2023-07-05T17:36:45.750000 CVE-2023-2883,0,0,ab9ed73cbe69a88b6f18d08ae8534916fdeccc2f5c106eb1ff09b4e5989738f8,2023-05-31T22:45:30.307000 @@ -222082,6 +222083,7 @@ CVE-2023-29186,0,0,ca337c32ecd54aaa6a20ec16dcbb51606fb6bbc389b9588c61c48b5ef3e48 CVE-2023-29187,0,0,37cbc4fc5b69bdaf8977690c2054b7318ae9c92be87dc71d8fffa14a4c6fa4d2,2023-04-26T18:44:56.017000 CVE-2023-29188,0,0,c8d6b342b1f470e012069a59253d87a9442371c20c6a02a2d8c5e75f8e5eb9c6,2023-05-12T20:38:28.087000 CVE-2023-29189,0,0,5c4829e9fc65a8a0b7677e115bc730c39c808943db2b53817e35dac9785369ee,2023-04-18T19:12:51.917000 +CVE-2023-2919,1,1,708d0ac809daadaee772b8d13497e2b97f428f147af71866a03ac102ad19f97d,2024-09-10T10:15:05.710000 CVE-2023-29192,0,0,73670fa84f26434b779f2c20e3669fdb19858c7fa2bf5bf6a721c3b4f9d813e7,2023-04-14T18:44:16.613000 CVE-2023-29193,0,0,6543396042e55a615e10b4819b5e1667d84c8522046ba09dfe814b3173c02517,2023-04-24T16:22:01.430000 CVE-2023-29194,0,0,1310b1d37e385d5ecd34739249a58dc353236e51fef4f2f920700bb6fccfa3ce,2023-04-25T14:33:00.543000 
@@ -223163,6 +223165,8 @@ CVE-2023-30751,0,0,ae585a47db8a0602ef91743e13477f6236e5e01cada54890879cfcffb4e05 CVE-2023-30752,0,0,935f7908189bd82539e41a2d86f8ebb2a263a876dda7e975f2a2fdba167b8ce6,2023-08-18T18:32:55.423000 CVE-2023-30753,0,0,0d0c2545d7d29d64dd2e70bb8b3d2a933e4c99689927dfa0f64a67ee4a45ee8d,2023-06-16T03:54:31.040000 CVE-2023-30754,0,0,579004194887953c85b1a9666a3045cdf4105f26b24ce5699a1033d5b90f0ded,2023-12-29T18:02:41.543000 +CVE-2023-30755,1,1,f1e486208bd123cc32e903c003178da96d388d8594f63f1ec665bb1754c99793,2024-09-10T10:15:05.940000 +CVE-2023-30756,1,1,c193c30cc5263a335b1d7e3aef2e6ba84d35d0ce7e2e04ac4430656582ce23c7,2024-09-10T10:15:06.197000 CVE-2023-30757,0,0,cff556189dd9382efd68fbcfab505f5642dfa6d74057f5975422bc45636e64b1,2023-12-12T10:15:09.900000 CVE-2023-30758,0,0,eac657fe1eec4de76cf32cf68bed951e739823521119936a2e7bd3651d4c2b3d,2023-06-07T12:57:12.083000 CVE-2023-30759,0,0,c79c26a74dc1361d051573d8f2f37b5ac0b7264a94b4d0636fc9dfbc866e044d,2023-06-27T18:36:55.627000 @@ -230632,7 +230636,7 @@ CVE-2023-40544,0,0,0fc1193e5ecc7ee9670646c9d9c81e4c5888861b329951f2d39dd20b0e6ed CVE-2023-40545,0,0,4532249010b6a6004e21372516818bfffe3ad51f3d0730df682026d0392eb917,2024-02-13T21:08:23.400000 CVE-2023-40546,0,0,840c430022137117c69e42a7f85a3f99312bf3dfec8a88942e88061a03dc1303,2024-06-10T18:15:21.780000 CVE-2023-40547,0,0,9b90cf122878fddc15a84f80df6440afc6de66065e1022a164147da635a691b2,2024-06-10T18:15:22.260000 -CVE-2023-40548,0,1,388901dd40da5783ea3c49f521444e960caaba391cdaa3a84d6d27afa58d0c8e,2024-09-10T08:15:02.147000 +CVE-2023-40548,0,0,388901dd40da5783ea3c49f521444e960caaba391cdaa3a84d6d27afa58d0c8e,2024-09-10T08:15:02.147000 CVE-2023-40549,0,0,17a610c3a9d3095b0cee8a99f3d7863e83f494a96b51878da371261149b72c32,2024-06-10T18:15:22.643000 CVE-2023-4055,0,0,c84104f0c8ec282dfd40a04ff729cf2844caf560f3c96dbbf5c3172d6bb6b24f,2023-08-09T21:15:11.820000 CVE-2023-40550,0,0,a235f3871948c55fedc627d33971852268ff5ba363a67d042b3fb445b9b832f0,2024-06-10T18:15:22.887000 
@@ -233347,9 +233351,9 @@ CVE-2023-44311,0,0,9f636032c75ac4719bb65806f83757bdf9682aff3f1b2894f2cbe3ab5b109 CVE-2023-44312,0,0,b55f0bed5b32fb9a10fa80dd795e2a2db26a169b62814fff44ce562370ac3d2a,2024-02-08T17:08:11.110000 CVE-2023-44313,0,0,788473dd20e15d46c26fea0a15a6b80abab92e76b77692224f7f5c1f6f19eb2b,2024-02-08T17:13:28.083000 CVE-2023-44315,0,0,989ee8dd510367f8ebba5e7cf28e331f132b578d9ff891d305f14cbf78005dc7,2024-07-09T12:15:09.857000 -CVE-2023-44317,0,0,5b40f3b137944ee7309810dc95cd6d4561ca4a6369ab8f1b610de660d4d5af0a,2024-08-13T08:15:06.607000 +CVE-2023-44317,0,1,ee2e8b1c28eed6b3915ac65b674c2d0d5a2591789cfb34a5758f99fbe43d9872,2024-09-10T10:15:06.443000 CVE-2023-44318,0,0,341d3d7b5d255dfa45a58efd8e36917c2d894512ced069601d4078d3de342de5,2024-06-11T09:15:14.333000 -CVE-2023-44319,0,0,f1034bb4c3cfa156461340b46c9ac77771e8f34bb839833cb765da35f2c64cf9,2024-08-13T08:15:07.073000 +CVE-2023-44319,0,1,5d4b8970a859dfa26cb608fe212352ad8d4891c21cef2a6c2c553b881c9e8bcd,2024-09-10T10:15:07.013000 CVE-2023-4432,0,0,51ff4ba9dfac44079fda611bd0d9b919e7063984434f59354de6e0beba3ce6e3,2023-08-23T16:58:29.763000 CVE-2023-44320,0,0,6344f9126342aa35fddb910bc60595b9532030a76bd0ffdb7a12da43fa45332e,2024-08-13T08:15:07.287000 CVE-2023-44321,0,0,4d96c3edcd86c04f8abee4e92403b97d81a1c6794e81f7b6e407b7f611741095,2024-08-13T08:15:07.533000 
@@ -233402,8 +233406,8 @@ CVE-2023-44367,0,0,b2fa876e2c5c15f1395c9e41b01f1feb1719988292d1815b87ad4714f259d CVE-2023-4437,0,0,df0a9da3302d6af0df861f09577d9469303f893542a9e5ce64396ce50e5aa37d,2024-05-17T02:31:33.640000 CVE-2023-44371,0,0,bcac815259e9d0d227b6d57ce65befcbec474b70d67e89fe586add9b777aa421,2023-11-22T16:58:39.573000 CVE-2023-44372,0,0,eb6ed7074e4d7482b32cad1947a98bab6eedf35acd3f76700b52a63bd165fe2b,2024-02-23T19:15:08.467000 -CVE-2023-44373,0,0,679e0f962cd10fe14e819ad59b51216c7708bba227ed36e648b8743542ab3d31,2024-08-13T08:15:08.033000 -CVE-2023-44374,0,0,b430949d488bb1a5130f412c5e0ae44503ab5e89484424fe561aaa673c3bb077,2024-08-13T08:15:08.297000 +CVE-2023-44373,0,1,d180606b87016919fa66d252dedf46e02f453a642c9b127425dbc798df8de2d4,2024-09-10T10:15:07.217000 +CVE-2023-44374,0,1,9331960c4609d13c51bde1fc59dab85ec9b31d0071aeac24997812b99d1133f6,2024-09-10T10:15:07.467000 CVE-2023-44375,0,0,48b5cc51553000a2cfa67cea7f8a951d3659b6e093f2df35e76499db8afb9eef,2024-01-02T19:15:10.480000 CVE-2023-44376,0,0,03f27121c4f8ffca1841f5abcc6f000d7525e270077c8b212bbafd4e41d1bb9e,2024-01-02T19:15:10.550000 CVE-2023-44377,0,0,960eac8de781cbaac5ac605f1641529954ab7d1adeca62e37948b52710054780,2024-01-02T19:15:10.630000 
@@ -234592,12 +234596,12 @@ CVE-2023-46277,0,0,a6fa4dbc780bfb3b6a6202bb0e83283f9b99e7e1a7b8f1ed53b4a92f0140d CVE-2023-46278,0,0,283a5f4d3b1f995039a2ae4f0ff4efe94da460721819375532b8f8104a5b1ff6,2023-11-08T23:22:08.177000 CVE-2023-46279,0,0,cad5cbf92c67be5e79c0f7d5a9fbe732104c543f1cf9a464893a67bc498495cf,2023-12-19T17:40:49.427000 CVE-2023-4628,0,0,9dd80f318e00bb6d35ea5e4f6175e104ad476846cbe758532913d6d17d532560,2024-03-12T12:40:13.500000 -CVE-2023-46280,0,0,cca9a4196b97bf87f929801fc57b778ce5bfa52e126f588c4e6fc746ec0bcff9,2024-08-13T08:15:08.500000 -CVE-2023-46281,0,0,9678d340eb8e8c3621a2295da0b683b5e535db74f413ed14e49bcf7e35065612,2024-08-13T08:15:08.660000 -CVE-2023-46282,0,0,714753b6e8e7ef185c481709b11ed97b39e6fe8519123ef990d1a58187414101,2024-08-13T08:15:08.813000 -CVE-2023-46283,0,0,bab6b2fd315ce2915b2ec49714854fb8bb67b39c2fc95b271f118cc3bddfba55,2024-08-13T08:15:08.950000 -CVE-2023-46284,0,0,ade280cffed44a7b9421e4fbda9724a436bd200e40758e77ae5e4208b337c9fc,2024-08-13T08:15:09.073000 -CVE-2023-46285,0,0,d188afff2af593d8f56e8e14ecfe1ee22fbe460fb35b399bc88e5907a79028e3,2024-08-13T08:15:09.193000 +CVE-2023-46280,0,1,6c4ae465a1a29eb48d8c66a506b7f4dad5a6f2dc11c8a39d8c97bb7101790bfe,2024-09-10T10:15:07.977000 +CVE-2023-46281,0,1,1e926556c2b0c2764b09b15d3e0f670867c2e23c1e27f3d771db237b5074466b,2024-09-10T10:15:08.120000 +CVE-2023-46282,0,1,e0658985a81f649ad95060ef0b8bfcae0fbe476d89f85755890e814337bcc7ab,2024-09-10T10:15:08.240000 +CVE-2023-46283,0,1,615dd1fc03d6e85ef09325d26ea8f1c698be99786bde20fb8bd0f45a029cf2d9,2024-09-10T10:15:08.353000 +CVE-2023-46284,0,1,a2e91682c3e6b5d3f42eb474c6f7070bd0c24032987fe78825aef832105252c9,2024-09-10T10:15:08.467000 +CVE-2023-46285,0,1,589c73dbf1b1b0d4f93cf2fa1fcc3d65fe2d268f13d974e4bce39dcb7c289fb7,2024-09-10T10:15:08.577000 CVE-2023-46287,0,0,85a909e3e554790149fd7a7bdc6ee45250511abf7ba5aad16e27d821e125bedd,2023-10-26T17:05:56.627000 
CVE-2023-46288,0,0,4e7c3d0f2a47c2cdb963e20693070bcb74b570c31f4c02925a81ed68bcc5f5b3,2024-05-01T18:15:10.563000 CVE-2023-46289,0,0,b718fe11c7d9982447dba29076a54dbfa45cb0ef9825d49911b46533095026f6,2023-11-07T18:18:35.950000 @@ -236026,8 +236030,8 @@ CVE-2023-4836,0,0,08652eb22d8d820537a32135d6cdb0072945ba41f47c5813b91b860f7c20fc CVE-2023-48360,0,0,1cee215649e2f3611e49749f15a579a397dce0eab526eaa9428c04eb47a107d3,2024-09-09T12:21:53.383000 CVE-2023-48361,0,0,701aa49f3b16a164b735a81d4d623a8ffd5c026193f7af621d2581e771bce02f,2024-08-14T17:49:14.177000 CVE-2023-48362,0,0,c60460a7ec9b197cf25724f18c64e4d49372388ed86257e4c3dca619d16fe550,2024-08-01T13:45:08.180000 -CVE-2023-48363,0,0,2bfc4ec5e7e25cb483b369af5958deb5dd28dd7cd426eb9cf32d0a8e81c4f250,2024-07-09T12:15:10.147000 -CVE-2023-48364,0,0,b82391d36b810ac4492568e964e6ec98f18ee88a09432c62aa0865e4a71170e3,2024-07-09T12:15:10.277000 +CVE-2023-48363,0,1,e5d71fc714d1da3860c45ceea3eeea87169be822bb46ccc4c851c505f43c2f2c,2024-09-10T10:15:08.697000 +CVE-2023-48364,0,1,bf2474718bb5ba81860d0c76c545ed4b95896a92b9ac09d4f170ce62c95a1037,2024-09-10T10:15:08.833000 CVE-2023-48365,0,0,08ac0336d1b7c8130bf42658d4f4f8599137b51618c91dfe4765b7deedb1fc3a,2023-11-29T20:43:54.133000 CVE-2023-48368,0,0,14fc972e365681825e25968bdbe284b3728808e51453cd80c5c505a8e3ca41c3,2024-07-03T01:42:20.450000 CVE-2023-48369,0,0,fb4821cbffd4fdd6238c01ffc944749b9b86986102171f62f2538d2be65e0aa3,2023-12-01T21:37:48.153000 
@@ -236602,6 +236606,7 @@ CVE-2023-49060,0,0,0f125d0d07dbe270a6f07b57aa641d1848f31c22fb855ca4bf11b4d5b4ef2 CVE-2023-49061,0,0,dc7136ec78ed5cf0b1889d9e499076dc7861b57a74e858b10a634425002df41f,2023-11-28T19:45:33.650000 CVE-2023-49062,0,0,1d72476c88fb45368b58247aec1688b0093de275b1093249720b62193de89ed0,2023-12-04T19:46:20.953000 CVE-2023-49068,0,0,182c6949abe2a827480e4301e5ed188cb126ad03424cd6905a2140b6a730140b,2023-12-01T13:53:23.050000 +CVE-2023-49069,1,1,cb0d50196d08019488e81ad83086406a5e9961b0510337f5888d43b9d0f5ffb4,2024-09-10T10:15:08.947000 CVE-2023-4907,0,0,ee7fec7a11df58ff005b9b63ad49a50bb70f5f4e575258375cd0f49a03cc2ad7,2024-01-31T17:15:17.750000 CVE-2023-49070,0,0,631766166232ba486ccd48cb00f4afe564eec8aa0b473067715b1f04d1a8cd4e,2023-12-29T18:15:39.103000 CVE-2023-49073,0,0,2a69c4407ae45adf60baf11d8aa993141dc3f78b1f8dc71c70987fff6214c4d6,2024-07-11T16:00:30.427000 @@ -243995,7 +244000,7 @@ CVE-2024-2148,0,0,bc86f9f844f478ac76d45c3a67c4caddad88592d7d22e93df6505352bf9f12 CVE-2024-21480,0,0,19c0e295b8ed14a7e374e89037665afa7ec9fbf156e97e3ce4bcce5f12a8ad4e,2024-05-06T16:00:59.253000 CVE-2024-21481,0,0,968847949c8fa2e94c498cfe8af11075bb292eae36dafee0fb1ffcb1d3a84e87,2024-08-06T16:30:24.547000 CVE-2024-21482,0,0,a1338b6f330d2eb5d0f4ebfab8716243966b7865599de7ef86fae57578a2170f,2024-07-02T17:51:45.687000 -CVE-2024-21483,0,0,c2d59ca54cca051cbcfef37eb0993cbdadb5979a7e9bdfb4a29df8a50b0b4b2e,2024-03-12T12:40:13.500000 +CVE-2024-21483,0,1,ddfb5ce914fa1ff56560fa86379b92a602e5ea04b740e3571ddfa8961d66603e,2024-09-10T10:15:09.173000 CVE-2024-21484,0,0,170e730118f02f10a6e5229db7c5eef4d192db3745e0e44dbc53ab2277157f67,2024-03-06T14:15:47.533000 CVE-2024-21485,0,0,5dac3ea1a637c42101b33e62955da26f7c5ea3ebfcf697d6c5d1918b66c865e0,2024-03-06T14:15:47.760000 CVE-2024-21488,0,0,83c39f70c0498b72911f550d6611f69059c8c9cdf3b0f0904578cd793bad095a,2024-02-08T13:15:09.700000 
@@ -250182,7 +250187,7 @@ CVE-2024-30311,0,0,9aaaf7a631f27c18ba0d6e026b9e5bc097be151497f5f87035ce25407b016 CVE-2024-30312,0,0,f08a9328fc0df8fc97205027f081abf4a30dc22420a8570eec8a2d548e77aee7,2024-06-10T18:15:30.880000 CVE-2024-30314,0,0,001958112e812873f2afe024af602bc1e18aaeafca421eccd7dc6e99cd4f7d19,2024-05-22T08:15:09.777000 CVE-2024-3032,0,0,3ff0e9ee56a036f5520ddd218b15f57f43b4ef20b5bd57e06a8e81c2e3d08ed1,2024-07-02T14:45:48.633000 -CVE-2024-30321,0,0,e28918f0fbb9c513516989ee55311595444221fa48735e375df29436a14b17f0,2024-07-09T18:19:14.047000 +CVE-2024-30321,0,1,7f3ad8f15ea25c028515e92f7e64b7c61690659d20b0d6499853c9a9a530a6f4,2024-09-10T10:15:09.340000 CVE-2024-30322,0,0,f4e26e42e44429b86d19dca1655fc9b0e6d4cf366473cd59d34a3fd4371a1053,2024-04-03T17:24:18.150000 CVE-2024-30323,0,0,d6d47200d4c92fd98c85bfb81a96ff4ecd5c84bf8181d1e9578fd9917f267b5b,2024-04-03T17:24:18.150000 CVE-2024-30324,0,0,2ba1ad1289d8b66663b4964e19479732233e6bad3226f2e9625162b9429d0e05,2024-04-03T17:24:18.150000 @@ -251337,6 +251342,7 @@ CVE-2024-32002,0,0,8b152fa71cb7888d307cedcb6036ff42410fe299ac886c8397e8f14b70468 CVE-2024-32003,0,0,31311e12a1795761553a56c6af2bf7b204ba79f18fac5a0250a8b13fef254e1b,2024-04-15T13:15:31.997000 CVE-2024-32004,0,0,46c6e95c184179de4512a1da85cf6fbcce6fe2ac4189ff7da433e0234267bb88,2024-06-26T10:15:12.050000 CVE-2024-32005,0,0,d156f3f94a9502713f64771d89d9d58b72987fd70cae51625e32aa2c9e6ee96e,2024-04-15T13:15:31.997000 +CVE-2024-32006,1,1,40645957df859341ac7a1b8dd6a47ead5cbbb92fd343785d7ee984a78528f667,2024-09-10T10:15:09.473000 CVE-2024-32007,0,0,dac6e800b17b27260fecd9bce96903f007f5eec2446ab0ae841fc54dc30923d0,2024-08-01T13:51:19.560000 CVE-2024-3201,0,0,9d746fb1c422de83f85c51388b2057631f70f2332b71bf082d5fbeff58a4ab1e,2024-05-24T01:15:30.977000 CVE-2024-32017,0,0,4171151be280ba186c662a4712cd0108f86c659cb0491f443a14bc31a4f95a77,2024-06-10T18:15:31.880000 
@@ -252526,6 +252532,7 @@ CVE-2024-33694,0,0,26d440cb75dcd86544ffadb69d95d3097f1e6a23ac05fe9a05fb2494be46d CVE-2024-33695,0,0,496bc8a3b6cc06e0f2cb2ff5ef3180780eefdd07d63e68d063cf97ba79dd8598,2024-04-26T15:32:22.523000 CVE-2024-33696,0,0,8adc0db7b8cce33b994e835fa3f282e25f1f4ef5644a2aed7cd50d800fe731e7,2024-04-26T15:32:22.523000 CVE-2024-33697,0,0,4a571113caa6ccf495d29be30608c42f9dddf9084d1562bed260e698c04aae88,2024-04-26T15:32:22.523000 +CVE-2024-33698,1,1,fe10840169979ac8e4b21a64dc35673179fc99ec70d94036271f70a7e5de1830,2024-09-10T10:15:09.707000 CVE-2024-3371,0,0,d2e6ea20ce5eb692a4e48c27aedae40a56c8f7db204eed4d633cbd78a04f68c4,2024-04-26T15:15:49.357000 CVE-2024-3372,0,0,a196d1e45ccce196e4deb1ea2387c2fe4f6bf89b27a8a7cd4be5ebcd31c9a0db,2024-05-14T19:17:55.627000 CVE-2024-3374,0,0,3ebd1bd07a69ff470e060c4c065f62c59313c2dfc13f260402ece495f026b11b,2024-05-14T19:17:55.627000 @@ -253912,6 +253919,7 @@ CVE-2024-35779,0,0,706445338be7aae5f251c8b956a0c3bf0868336274fe9963a1a9e43c59067 CVE-2024-35780,0,0,685b106b3d65ae1869c2c1c35a0354f69b2eb70c614d38b4e2c684c295e7d786,2024-06-20T12:44:01.637000 CVE-2024-35781,0,0,aa3ec547f8f8f306fe8ea0fb55240637cbf26b27603624da2638b54b69436759,2024-06-24T19:15:58.517000 CVE-2024-35782,0,0,dbc038df298fe5384dd87379cd2931409975f0d218f64474d4c9dcc1abcf8e97,2024-06-05T19:50:20.463000 +CVE-2024-35783,1,1,4a561697eb20214f753c1885d36eaeac07676c033ce0721adf5f30c8eaeae8d8,2024-09-10T10:15:09.937000 CVE-2024-35784,0,0,5d7a60327e3aea236c6954addcecd342bc4303bf9f4ddbf6fdcb56f7d7e890e7,2024-05-17T18:35:35.070000 CVE-2024-35785,0,0,99251cf0758a83ae7f60c2f912cfb4919a76584c6054f38cf9392b41ad4b090a,2024-06-25T23:15:30.160000 CVE-2024-35786,0,0,e8af1ef6ccd4fa218271a6a20ff9f509feb225a9368ed4f0a4c142495813a3de,2024-05-17T18:35:35.070000 
@@ -255444,6 +255452,12 @@ CVE-2024-37987,0,0,f4bc331a9b09a336ebf69cac5128f3ddb41a4064b564c097fc6645464fecd CVE-2024-37988,0,0,c86291a0f061c05259fe7a7336e8616b7d2b496dae2d1e3292124af3161a49e9,2024-07-12T19:01:50.753000 CVE-2024-37989,0,0,3b94113ccd1695e55c704a3f38d763d5ec54c44f354e4b1fe1efc7884dacd2de,2024-07-12T18:52:38.387000 CVE-2024-3799,0,0,099fb34e0ee28d9311fbf29cfaad6b5950bd5e198b1ff9c15d8b2a88d4538973,2024-07-12T10:15:02.353000 +CVE-2024-37990,1,1,13021277601d9d014a4b4e59de181df78d85e36645bc227f3ee835cdc3af3d78,2024-09-10T10:15:10.227000 +CVE-2024-37991,1,1,2218e92b9c1a570691b273d68597c6315e81e006050368bdb5741fdf54cd1367,2024-09-10T10:15:10.600000 +CVE-2024-37992,1,1,97cb290f8179db96645274a8642d5284937910406a14b8275e75f23045e7dccd,2024-09-10T10:15:10.837000 +CVE-2024-37993,1,1,1342914a1915d73321df03c28a5aeff7bb708f4db298f4553f9ba398b7d92871,2024-09-10T10:15:11.090000 +CVE-2024-37994,1,1,e40a22030616a840260b7b353e31fb4cc65c31c0004bc1a38e78912c62dae7eb,2024-09-10T10:15:11.340000 +CVE-2024-37995,1,1,f0761cd3da7ab428c8d5aa102f98f3fce06942f19fc6329e5d0c0e64754adb20,2024-09-10T10:15:11.570000 CVE-2024-37996,0,0,e39e1581961cad8f5d5dd910100078a11657ad2090cbed7264c9a8bad1310bf5,2024-07-09T18:19:14.047000 CVE-2024-37997,0,0,880ea769e8919f97f57b9878ce449ed40b5cbca31c8883be4629ac4f6a893243,2024-07-09T18:19:14.047000 CVE-2024-37998,0,0,f74f0aee21c1d0ed189b1b53893b54b9b769e53300f2261ee57ad9c992f023c0,2024-07-24T12:55:13.223000 
@@ -256379,7 +256393,7 @@ CVE-2024-3946,0,0,ab824b4f2a8403c27b100f5c3d6e7f8d9dd1c20c9aa138888e04631941f166 CVE-2024-39460,0,0,4f78962312c460642ba8951e77b013301d272c348dd713c542bd0b2b628a69cf,2024-06-27T12:47:19.847000 CVE-2024-39461,0,0,bf1816ecd185e36f42cd6844b143d10650e3a0c645cde3f5c825da5e93746f58,2024-09-03T18:12:22.633000 CVE-2024-39462,0,0,d6fa49df9f42ed202e5a3cc2f250dce01e83d58a2dd9514f13116e83ffa785aa,2024-07-03T02:05:49.283000 -CVE-2024-39463,0,1,b111e474e0d807cd55b5d29d466c83ad5da734028ce381d3a32d3bdd2da7b401,2024-09-10T08:15:02.380000 +CVE-2024-39463,0,0,b111e474e0d807cd55b5d29d466c83ad5da734028ce381d3a32d3bdd2da7b401,2024-09-10T08:15:02.380000 CVE-2024-39464,0,0,1645ce9c2dd695016de0c94e603fefd07a2e7caabc24d8ebfab3af1a26f6b184,2024-08-19T21:02:16.113000 CVE-2024-39465,0,0,b6ba07e557ee2621a86675b0febc6290289dae6bc23b121747f5f8e006230695,2024-08-19T21:04:27.467000 CVE-2024-39466,0,0,4ace459e94329b49137143c03c0ecc682c63ce5f8628b924663a1f0d72bdb734,2024-08-19T20:59:54.867000 
@@ -256486,15 +256500,15 @@ CVE-2024-3957,0,0,6be73190d0db646071e408d26fd6054938440e63fb695d16249857bd780649 CVE-2024-39570,0,0,795cf07324f2cb8c6a570190fa22ff6767cfc3ce2b0050380d11d95a41e2ca40,2024-09-06T21:20:26.347000 CVE-2024-39571,0,0,b35a4f00350faa538c88f4f6d224a7df8752eca1297d346f418e4963a4c09a43,2024-09-06T21:20:00.153000 CVE-2024-39573,0,0,66fc7feceb0e35a8b2e536fb0fe145ff47c70fa679791c05a2dafe67c9ad9e6e,2024-07-12T14:15:16.400000 -CVE-2024-39574,1,1,1f09ac69c69c313f16da223b25dedecbbf2b43fda5187ce76ba05957abd70ef4,2024-09-10T09:15:02.290000 +CVE-2024-39574,0,0,1f09ac69c69c313f16da223b25dedecbbf2b43fda5187ce76ba05957abd70ef4,2024-09-10T09:15:02.290000 CVE-2024-39576,0,0,b954c37b27403600557da0d261dd953de929a61b04f025c8697cd0d77090d715,2024-08-22T12:48:02.790000 CVE-2024-39578,0,0,c57c67d60ebbfbb439cb464fedeceb835967a7da09b4f182842457f0862047f9,2024-09-03T20:56:11.277000 CVE-2024-39579,0,0,3b10efac241247907da1969516918327fdf07736fefefce9e8f33c60526e18a1,2024-09-03T20:57:32.607000 CVE-2024-3958,0,0,d5a5e3b155f3063c251dfec6027d4759e62e1ec9e2382396e782467b23eef014,2024-08-29T15:50:33.257000 -CVE-2024-39580,1,1,0667f2da3f1028a81376eb8803c26607e9ee30783cb13a19422bb1b71fbd83c9,2024-09-10T09:15:02.740000 -CVE-2024-39581,1,1,08782645b0aedc19493e60348c1771c944bcd099d67c7ad17432fb6eec443cce,2024-09-10T09:15:02.993000 -CVE-2024-39582,1,1,edd0909a5fd1f550cd8a12ecb1e1e3b73329cbc4e7e802cd284d25d21331b2fe,2024-09-10T09:15:03.243000 -CVE-2024-39583,1,1,905a4f4d436415db14dbda84aedaeb6c04ea63ee86c134b9bb29ea38828e1d14,2024-09-10T09:15:03.513000 +CVE-2024-39580,0,0,0667f2da3f1028a81376eb8803c26607e9ee30783cb13a19422bb1b71fbd83c9,2024-09-10T09:15:02.740000 +CVE-2024-39581,0,0,08782645b0aedc19493e60348c1771c944bcd099d67c7ad17432fb6eec443cce,2024-09-10T09:15:02.993000 +CVE-2024-39582,0,0,edd0909a5fd1f550cd8a12ecb1e1e3b73329cbc4e7e802cd284d25d21331b2fe,2024-09-10T09:15:03.243000 
+CVE-2024-39583,0,0,905a4f4d436415db14dbda84aedaeb6c04ea63ee86c134b9bb29ea38828e1d14,2024-09-10T09:15:03.513000 CVE-2024-39584,0,0,1d0a6aff0073f4836d9654764326ceeb368acd09f92344e463ab3214871c70e5,2024-08-28T12:57:27.610000 CVE-2024-39585,0,0,d477ac70d70122b93a30d70fba939fc56092d9a6275e57b99e3a0b2a412cd216,2024-09-06T12:08:04.550000 CVE-2024-3959,0,0,1ce1302f5c536ae0ba1596a30e53c3274b88d91eb780326b1103788329e8cf86,2024-06-28T13:21:52.223000 @@ -257000,6 +257014,7 @@ CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f CVE-2024-40743,0,0,4e2bb12b39654c0a7fc101446a81422e3ca7ab692f01d12e73f708088891a69c,2024-08-21T12:30:33.697000 CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000 CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000 +CVE-2024-40754,1,1,d9122d582deda3976a798536b66d3042dfa2d64d4af28eae3c2ad828ac896495,2024-09-10T11:15:10.503000 CVE-2024-4076,0,0,3600a7160ba6cb63d73da78d982aeb737757fd1783e0b44697873d9ae49c2d36,2024-08-01T13:59:24.073000 CVE-2024-40764,0,0,ab85577e2cb5d9a786ef6b191ba8264da7952ad06ab8f1b0e070c99f55710d56,2024-08-01T13:58:00.227000 CVE-2024-40766,0,0,eff4b00cf0f55270aa38e0ff790e6ee6498c48000cd3eb1d26bf51c060a6a61b,2024-09-10T01:00:01.537000 
@@ -257336,6 +257351,8 @@ CVE-2024-41161,0,0,9b33361091df6923832caa53c78a9e46bbbedfd096d5512869c0f1eed0413 CVE-2024-41162,0,0,e54fc1a9823f936d00354799974ba06adb4cc451d56f48d5711fb6c0d45b612e,2024-09-04T17:03:53.010000 CVE-2024-41164,0,0,c5521af658e92e64cee6bd40535b27065e46248fed1bc5e43067dc57eef0c4d6,2024-08-19T18:39:06.157000 CVE-2024-4117,0,0,439d2da59fd01a25f254df6698027149837f261eb1a16ba5752d7e62667d1bfc,2024-06-04T19:20:30.043000 +CVE-2024-41170,1,1,f88fad1bfb7ab467cb9762828646661e5f4c81025d5ca326b4c8cb28be35c291,2024-09-10T10:15:11.797000 +CVE-2024-41171,1,1,2a7e7e5794c6216b8609a1e2026ba8733a7343071411fdc3edad825030bdfbed,2024-09-10T10:15:12 CVE-2024-41172,0,0,7f370211b6a2ed7e58844e8bf12bc0dae731f676537ceaaec3667e5da63dc1de,2024-08-07T20:16:45.237000 CVE-2024-41173,0,0,a32d0d9cca7b111b26d35b49c29c3c8130c1f7828fce2b3badc03095e7e93d7f,2024-08-27T13:01:37.913000 CVE-2024-41174,0,0,a822cde4328796519e509a3e4c690c9e9350782e4bad75b387a246a5f3be44f1,2024-08-27T13:01:37.913000 @@ -258025,6 +258042,8 @@ CVE-2024-42340,0,0,708aac03ef44aeea471e9a045b752e905888f9d429c0c9806a766c67411a6 CVE-2024-42341,0,0,234d9ee0d2444d0f626546c3e75285abadcc74d0ab9516ab0f8349b21637c96a,2024-09-09T13:03:38.303000 CVE-2024-42342,0,0,54f316c3acda489d4f5402e147c2f368362071c79662dc92c6705a36381091a9,2024-09-09T13:03:38.303000 CVE-2024-42343,0,0,7ede109c28f5f3cebcd81363a812aca5202eed2bcb3b73c15fbe079b521efbdc,2024-09-09T13:03:38.303000 +CVE-2024-42344,1,1,74b0ceb14495752548a37d882785bd9c2a673cb8f9b46c391c2c91f48edc54e2,2024-09-10T10:15:12.213000 +CVE-2024-42345,1,1,14ebd8c3eb891f7f55414f1c20730864e6625a21e4287f5c3436e4814005c905,2024-09-10T10:15:12.433000 CVE-2024-42347,0,0,9d56c3d6f460e2251d08d50a3e874b7efeb364cadb050367418d1be0b31e15cb,2024-08-12T18:52:08.163000 CVE-2024-42348,0,0,9049ba06c12fadbe924de4e1d7650091813be7f3a3306b9434f7ebd8620eed32,2024-08-05T12:41:45.957000 CVE-2024-42349,0,0,7c83a1a3a31095b7c061367c56e1e2185d3951ede9de2f7c2b93de97074131bc,2024-08-05T12:41:45.957000 
@@ -258078,9 +258097,9 @@ CVE-2024-42412,0,0,7ea410a30890f641de68bc8b7a39cf35396bac17868b4fd498b764e1359ef CVE-2024-42416,0,0,0c0ba6b9334c7e838b8d455f49871ca47f5d5630f34ccb39214f945ba545086b,2024-09-05T21:25:09.273000 CVE-2024-42418,0,0,1170a194d58fc93f3e0e1a535dff12de506530448528f0fff3eaea817d001f8b,2024-09-04T18:22:22.583000 CVE-2024-4242,0,0,9c58e9b9e77452c845f3c5179c3be4415982efd0430d3da14ab0345d444eccfb,2024-06-04T19:20:33.363000 -CVE-2024-42424,1,1,1542a5e65ecd29409748683a90258404c9627c00dc2377d2137c6eaebbf58431,2024-09-10T08:15:02.487000 -CVE-2024-42425,1,1,3bbec3a376634b494e8de462739c037fc1456d60ac24547ce7b2fbaf3e4cd2cf,2024-09-10T09:15:03.777000 -CVE-2024-42427,1,1,67ae325a3a00ce58db4a5726b40d847b69639497fdfbe5f9581e529859999228,2024-09-10T08:15:02.760000 +CVE-2024-42424,0,0,1542a5e65ecd29409748683a90258404c9627c00dc2377d2137c6eaebbf58431,2024-09-10T08:15:02.487000 +CVE-2024-42425,0,0,3bbec3a376634b494e8de462739c037fc1456d60ac24547ce7b2fbaf3e4cd2cf,2024-09-10T09:15:03.777000 +CVE-2024-42427,0,0,67ae325a3a00ce58db4a5726b40d847b69639497fdfbe5f9581e529859999228,2024-09-10T08:15:02.760000 CVE-2024-4243,0,0,d19512e4db8434daba47c490442c83df13ecbcadaf4fb9c501fe6a2c921256d5,2024-06-04T19:20:33.497000 CVE-2024-42434,0,0,e55ec0343b5bf13510bf079266ea96be4a27a72a2b479971039dc705ceccc43c,2024-09-04T21:35:50.963000 CVE-2024-42435,0,0,cb81ae05b6c53e011856448307845a07a836fbccf1f7098de171ed65bbb54190,2024-09-04T21:36:53.027000 
@@ -258603,16 +258622,16 @@ CVE-2024-43378,0,0,b201eb55fcf5e1b333e5fc1b76defa675188abfea665e05ed68f738cfa202 CVE-2024-43379,0,0,d3e4b3238a29f3c9bcdc737c17326972a39574f3fe6ee0181683ddcdcc0798d3,2024-08-21T12:37:22.800000 CVE-2024-43380,0,0,3bb4c505eaa2eb4e3ea37c153951df14b4a7ccb63e07a242ed00a1ab77df3585,2024-08-21T12:38:00.247000 CVE-2024-43381,0,0,cc3e0e73c6c6a5ab5687bfa997bff6ae33e38e4614aa8ff20ebd73e189ada3b7,2024-08-19T13:00:23.117000 -CVE-2024-43385,1,1,ab52b84d437e742b30741a783662bb72075fbf60129df99e47996f7f17414be5,2024-09-10T09:15:04.150000 -CVE-2024-43386,1,1,d236497afbecc572850bf7e81f23db824639a9d2869ad6160e0e5527b1add454,2024-09-10T09:15:04.400000 -CVE-2024-43387,1,1,71bf4dbdda67fbc94d788f303656a1ed40cb35c0988b40f8038cf2ef3cc5d556,2024-09-10T09:15:04.690000 -CVE-2024-43388,1,1,5b410bb57d9792639b4d39a6771eee31d043693e79277835544930466ada8103,2024-09-10T09:15:04.953000 -CVE-2024-43389,1,1,e068524e6d52462b08c0d2fc80561415a7744c228e124cb70cbda5f6b0e820f6,2024-09-10T09:15:05.220000 +CVE-2024-43385,0,0,ab52b84d437e742b30741a783662bb72075fbf60129df99e47996f7f17414be5,2024-09-10T09:15:04.150000 +CVE-2024-43386,0,0,d236497afbecc572850bf7e81f23db824639a9d2869ad6160e0e5527b1add454,2024-09-10T09:15:04.400000 +CVE-2024-43387,0,0,71bf4dbdda67fbc94d788f303656a1ed40cb35c0988b40f8038cf2ef3cc5d556,2024-09-10T09:15:04.690000 +CVE-2024-43388,0,0,5b410bb57d9792639b4d39a6771eee31d043693e79277835544930466ada8103,2024-09-10T09:15:04.953000 +CVE-2024-43389,0,0,e068524e6d52462b08c0d2fc80561415a7744c228e124cb70cbda5f6b0e820f6,2024-09-10T09:15:05.220000 CVE-2024-4339,0,0,240ed7230e0a6e458ae0cd6534f1dc024d6c16f3537e0357643e823e6aa09596,2024-05-14T16:11:39.510000 -CVE-2024-43390,1,1,635e086e5895c62ccf4426d87214efb933b33d4a2a4c7d224482cc1bbade34e9,2024-09-10T09:15:05.537000 -CVE-2024-43391,1,1,9d95e2d7a4b741ac4fbf7f450c7b61cabb4e32bb8868a6f429268d15a6fa81ed,2024-09-10T09:15:05.760000 
-CVE-2024-43392,1,1,5129800a843a5e65ea0d0c6661412ee7d2ebe2381f3c04dc69e78e77e67bbe47,2024-09-10T09:15:06.100000 -CVE-2024-43393,1,1,5f82fe1692097a43858e120613a97e1a3edb31959b77bcb739f8db38aa1d37da,2024-09-10T09:15:06.367000 +CVE-2024-43390,0,0,635e086e5895c62ccf4426d87214efb933b33d4a2a4c7d224482cc1bbade34e9,2024-09-10T09:15:05.537000 +CVE-2024-43391,0,0,9d95e2d7a4b741ac4fbf7f450c7b61cabb4e32bb8868a6f429268d15a6fa81ed,2024-09-10T09:15:05.760000 +CVE-2024-43392,0,0,5129800a843a5e65ea0d0c6661412ee7d2ebe2381f3c04dc69e78e77e67bbe47,2024-09-10T09:15:06.100000 +CVE-2024-43393,0,0,5f82fe1692097a43858e120613a97e1a3edb31959b77bcb739f8db38aa1d37da,2024-09-10T09:15:06.367000 CVE-2024-43395,0,0,e2392bf6475b12db51f31adf2ecd9f40f62cf7ccf326ac732a93b8b209786a49,2024-08-19T13:00:23.117000 CVE-2024-43396,0,0,d3e4db1d56053a512790a84d8c3ae6e21035877ac8c09fe39077f7231484b09e,2024-09-03T18:19:33.167000 CVE-2024-43397,0,0,5caa94926889523c153ff1aaf47669fe6c71771da877710063b3b97c2bc5d0dc,2024-08-26T18:28:42.230000 @@ -258662,6 +258681,7 @@ CVE-2024-4361,0,0,59805155c6666ce54d8263fcaceec5e0fc128f8100df5fb2e590f4610d5a88 CVE-2024-4362,0,0,16bcb3e7fd20cddcf2afd5e423805494786dbf969e82eb67d1ba08cf8ffd4c26,2024-05-22T12:46:53.887000 CVE-2024-4363,0,0,2c7c654c7422e9473b7010560ae2a1c2e3350cf44cdf9b6cc5ffb58dc4446aff,2024-05-15T16:40:19.330000 CVE-2024-4364,0,0,9332cb50f761fbdff3ec7a6ec045f13accb15b963b30845c4aa93399b834b7a1,2024-07-24T20:23:31.487000 +CVE-2024-43647,1,1,a2fbbccb1a07d6b406ef81f3b36a7540699b05890f546a9d6a9e8b9e76b69010,2024-09-10T10:15:12.650000 CVE-2024-4365,0,0,63c2db9b70aba81bf4acd057c8457c31612ae1811b001c9773701935bfb8f554,2024-05-24T01:15:30.977000 CVE-2024-4366,0,0,bbfa79c99a69a6ab3a1454de708e5610ad18f6066e78d9171ac36b6f6e6eece9,2024-05-24T13:03:05.093000 CVE-2024-4367,0,0,53b2562feb1cef4dfbc75c878e502bbc54b7cf80f87613aa8d663f88e3c74ce6,2024-06-10T17:16:33.380000 
@@ -258684,6 +258704,7 @@ CVE-2024-43775,0,0,386009b272e00dd7e320eaa82eec20a93bfce64d4bcdb8a26930d34c6fe0d CVE-2024-43776,0,0,27e4419e8ce01901c27e76cb21d9618c21e34d6a14d012499c61adf6cf980a12,2024-09-04T12:27:40.113000 CVE-2024-4378,0,0,09f9e04bae659373b82712486e7efa4baa3211e21ee904b68f572ef978953753,2024-05-24T01:15:30.977000 CVE-2024-43780,0,0,5217ce0351fcb75bd7982f01c3d436316e02e5a2bb3d0e7b3ad2fd10f4519787,2024-08-23T16:18:28.547000 +CVE-2024-43781,1,1,7554dd3bc8f03e7ab38ca05dbd189f120640683861a491771174a8eb7ed4dbbe,2024-09-10T10:15:12.897000 CVE-2024-43782,0,0,ad31aa68786bd9fde8b1f273353ec992f123695e96de48dec8565f96d4b67b40,2024-08-23T16:18:28.547000 CVE-2024-43783,0,0,8724094a2b26e7a1ebe936c2fff47341ed92df1d54128430c04a1c17c54e5dea,2024-08-27T18:33:14.247000 CVE-2024-43785,0,0,865f9ddb4537abd892462a2be2c5b215baf0c6c5f01c60dc5f4805d59a23b528,2024-08-23T16:18:28.547000 @@ -258799,7 +258820,7 @@ CVE-2024-43894,0,0,6de40558bad17c441448a7d840262bc0791f94ad7ca123ebcd8c1333244d5 CVE-2024-43895,0,0,13cc1d75b531dc2fa072bb66cd12a08c75638f9f6b96840f9b9c541de5dd04ae,2024-08-26T12:47:20.187000 CVE-2024-43896,0,0,9e528459b2e50d1f7ce6be809e552e51735f0b29caed43fdd44f11c615a94e16,2024-09-05T18:37:16.483000 CVE-2024-43897,0,0,2b25f81c1149d4543feb64d1945cd77374bca366086287d738b75eb1fb250919,2024-09-05T18:36:30.347000 -CVE-2024-43898,0,1,b70a0322f8294223b16267a9061a592097cc320e64347a35bbaee6def942a528,2024-09-10T08:15:02.960000 +CVE-2024-43898,0,0,b70a0322f8294223b16267a9061a592097cc320e64347a35bbaee6def942a528,2024-09-10T08:15:02.960000 CVE-2024-43899,0,0,1953a8ac8e9197ec884f1f7ed08130ca2ce11e7bc600d6d066b299186890c781,2024-08-27T14:38:19.740000 CVE-2024-4390,0,0,e7e7976abdd60c38776b1ca6e6489a541123a6d22aaefce9d02ee1d97e2bf9c9,2024-07-17T14:10:55.550000 CVE-2024-43900,0,0,4d8a1c377893c2bcc68b32981f4665a8b2876e47e79e3a70bf603165a8c8d4be,2024-08-27T14:38:32.967000 
@@ -258877,6 +258898,7 @@ CVE-2024-44076,0,0,d8ab474e3e0cd492e411ba495a07543359555360960989541af9d6ad1fd68 CVE-2024-44082,0,0,eca3489830dade6ed42141e32f34d30f3f0c158d92e0366e9686c819b89d9a20,2024-09-06T15:15:13.180000 CVE-2024-44083,0,0,0fbb97686726ee4d6be299ae185c5a7e6d7807c436d290993d1b41ed0119344c,2024-08-28T15:15:17.050000 CVE-2024-44085,0,0,ecf5951d52699c6f64ad8e35ca78bb63c6655b58c6934de27f2c5efa7e11f59b,2024-09-09T20:15:04.980000 +CVE-2024-44087,1,1,a6429792255090244b31ff0e41380865a4b8d77269495e9b812f63081864ad5a,2024-09-10T10:15:13.140000 CVE-2024-4409,0,0,ef601ae22761768812ec6eb133885b7a6b08c5417903a944100f49b603e1172f,2024-05-24T13:03:11.993000 CVE-2024-4410,0,0,ca43b98286a78ab63b5139b50b93fc074ee9aec4c16e78097aa3514c43622322,2024-07-29T14:12:08.783000 CVE-2024-4411,0,0,9d1b27ccac7555d95c6be5f4488ca4d9772a0570efc26fe6a3f3d131fd0aea06,2024-05-14T16:11:39.510000 @@ -259052,7 +259074,7 @@ CVE-2024-44940,0,0,6d3559648bdfa621b46434f9855de2178fa1de08defe3fd31c71176641a2c CVE-2024-44941,0,0,20521e6b3375de1ef5f8d927ded27494829abd96af181743a86f9f68bd518b56,2024-08-26T12:47:20.187000 CVE-2024-44942,0,0,17b37362bd3ba24b1a5ce481b72105519e3d684fbcb26bdd0327529225c432f3,2024-08-27T16:09:10.010000 CVE-2024-44943,0,0,104222af5b39dfe0ecfd65133686fb7c357c749bea399e402eabbb685deeef38,2024-08-28T12:57:17.117000 -CVE-2024-44944,0,1,e0ea7425a22b863e2537c36eca33f555e79ab9242c3477b220510c50a309c39f,2024-09-10T08:15:03.230000 +CVE-2024-44944,0,0,e0ea7425a22b863e2537c36eca33f555e79ab9242c3477b220510c50a309c39f,2024-09-10T08:15:03.230000 CVE-2024-44945,0,0,a3745a898858327b7fbd2ec8b66c922f7135590f07273b0fe5d696fead01dfa7,2024-09-03T12:59:02.453000 CVE-2024-44946,0,0,baba486800f48daca091ce86b0b3099b94d8fc83c17e121f4572ead5091851fa,2024-09-04T12:15:05.150000 CVE-2024-44947,0,0,4b14bc0a3c1bd2fd38912b40c72c0f57fcdb205b9f9316a706babab2559c3eb1,2024-09-04T12:15:05.240000 
@@ -259126,6 +259148,7 @@ CVE-2024-45008,0,0,37dc0718d2dd8ba9fb7eca159ff733be9b954368896d4dc7e665604ee4c36 CVE-2024-4501,0,0,3baebe0a469dd4bf55eae5f370777b6e334d89a3883f98b03d03b2205353433a,2024-06-04T19:20:39.640000 CVE-2024-4502,0,0,f1f89a01c722d6ef2e85e855b85895e43fc279ff3a13e0257efd22aaa2b4c544,2024-06-04T19:20:39.747000 CVE-2024-4503,0,0,580a13ae85da881d7284f0e9b163135d237ab58a854d76134955e6cc28d662e6,2024-06-04T19:20:39.843000 +CVE-2024-45032,1,1,1f58ed5aebae3664e0f0e36b7cfda4ca66a79afddd63b5788c01e63865d4ffd4,2024-09-10T10:15:13.407000 CVE-2024-45034,0,0,6acf56312613a82c5715559f5b4f69be801ce2e626afadd3cfb4d0f3016179e1,2024-09-09T14:35:07.577000 CVE-2024-45036,0,0,b93ba1b942c2a90c7150ffd72c683d09bcb868f6dc285088962d5acc53d2e2e4,2024-08-27T13:01:37.913000 CVE-2024-45037,0,0,0a75dee24a9a0746d4b594073f73eebe38a0d6b0ee92331f507c53bf54c314fe,2024-08-28T12:57:39.090000 @@ -259339,7 +259362,7 @@ CVE-2024-45620,0,0,79d0fcf4ffd9e5c58086135dfac2f9737c74cc4ac6ac6ca9de004adbc8816 CVE-2024-45621,0,0,14a519a8f510b3c3b7a6df78c35235d4501d8bcffdb6cf42158adb38aa1e44bd,2024-09-03T12:59:02.453000 CVE-2024-45622,0,0,a33339926b8b20e966e52f22a13007f367a7fdd9b0655040e29ed073b9b76629,2024-09-03T16:35:09.647000 CVE-2024-45623,0,0,6e76d49f362c221a481237923ca3f07ce122524ae0700d93b755e69d33328599,2024-09-03T15:35:15.360000 -CVE-2024-45625,0,0,53af7c33f57613adac667f62a1646c503b771cde80ecbb17a174be09eec61c83,2024-09-09T13:03:38.303000 +CVE-2024-45625,0,1,3e5f2d639aef0e82608d7bd80d0e32d86a25b4046e30921cb8739a9c3be44b6a,2024-09-10T11:19:40.113000 CVE-2024-4563,0,0,a90af34c00297497a78ff72a2c306ea2262a49c5811c3b8bcaed5ddcefc9b6fb,2024-05-23T16:15:08.867000 CVE-2024-4564,0,0,045273651cbda7642192b25b1ce14ee6220cb16969b1d2c569252c03c480a950,2024-06-13T18:36:09.013000 CVE-2024-4565,0,0,15260fda70e8733111d52b1dae1a14ee33f22d1739a2e8de851c031d5bec2fb8,2024-07-17T14:14:08.750000 
@@ -259366,6 +259389,7 @@ CVE-2024-4581,0,0,87f8fe03f507957c50ab3e12c65c26f01a42761aed681f779ccb3bf731c25c CVE-2024-4582,0,0,44a298c10fdfe0ab8acf9c943d89720dd7bed9fa14549ad9833d5c0a75c14780,2024-06-04T19:20:42.750000 CVE-2024-4583,0,0,80422ff6020fca1720c5a88e28ab76aaa9a918b3afa6700e13782e64857c6739,2024-06-04T19:20:42.857000 CVE-2024-4584,0,0,4d639afeee5354fec0a7cf3023bb849f2437d78f7cd875e4a49ac03b46b9ec82,2024-06-17T19:15:58.903000 +CVE-2024-45845,1,1,d6725bd32d51d8db221cdb75ba64c6efbfad72a7cc4c55e91750b4e8e626218c,2024-09-10T11:15:10.660000 CVE-2024-4585,0,0,de8aae2cc9125c3a9e288fcbd9e609876eec68062d1a138bbd8e80f3513a89cb,2024-06-20T20:15:19.110000 CVE-2024-4586,0,0,308ac0f257920a7bf6e50f46839419870b7e733c7917681ea48f64312191a5cb,2024-06-04T19:20:42.953000 CVE-2024-4587,0,0,ccb551f2bab92e34c98709c8a5231b1e8778dd90f0d16bd4ac4c665438d47b6c,2024-06-04T19:20:43.057000 @@ -261063,7 +261087,7 @@ CVE-2024-6588,0,0,67672e854c20766f2e15151fa1e111ec8310b7083a57f535c99159d2ce6e5a CVE-2024-6589,0,0,786a762dda95a3db4c9cdc907a3a2b97d61313e4f2473ece396d13a201bdbeba,2024-08-26T16:21:36.530000 CVE-2024-6591,0,0,ba434f770e77a561bd09877a3c29228f51c9818a995d0175b55ef4d80494af35,2024-07-29T14:12:08.783000 CVE-2024-6595,0,0,1592dd03cd1b2c459ee5de6a924fab7f4c8bad5124f72f8b639c71537346952d,2024-08-30T14:15:17.063000 -CVE-2024-6596,1,1,bee0885163c198e04598019344a5f713e2990259e037a39b034eda8daade346e,2024-09-10T08:15:03.350000 +CVE-2024-6596,0,0,bee0885163c198e04598019344a5f713e2990259e037a39b034eda8daade346e,2024-09-10T08:15:03.350000 CVE-2024-6598,0,0,fb802128b1cfc176540749693b684b4374936099ab1c7948c1ec819266291908,2024-07-09T18:19:14.047000 CVE-2024-6599,0,0,6a69a16a0a8781527f95db9310983c42c357e28a72f780fd79d80c9654364b86,2024-07-18T12:28:43.707000 CVE-2024-6600,0,0,8a7bdd7b6969fa6cd69a1854f6f2130a9698184b9485e28b1c9cbb32470416d8,2024-07-16T18:15:08.737000 
@@ -261785,7 +261809,7 @@ CVE-2024-7613,0,0,595ae1d3f56b81eeb34ef1e184ddf7962f3a8fbfc042ff77a8fcf0bd3f10f2 CVE-2024-7614,0,0,70ea68e630891f9909a0a8afd3fe5566dad840edc8df033b5c308064cf074a69,2024-08-21T18:48:47.273000 CVE-2024-7615,0,0,bdb4e2a47bb0b635ad5424e7dee382fdbc667ab1983b9e7b4b79b80817773efa,2024-08-21T18:48:19.590000 CVE-2024-7616,0,0,240142a7cf93711d379b14c2a6284d004fd0a2d1c674fc02d32efdd57aa3e2bd,2024-08-13T16:59:39.517000 -CVE-2024-7618,1,1,e90f66013f2521a8b364310d9018a7d82217e9044c4c5a2aeb53003036c12458,2024-09-10T08:15:03.620000 +CVE-2024-7618,0,0,e90f66013f2521a8b364310d9018a7d82217e9044c4c5a2aeb53003036c12458,2024-09-10T08:15:03.620000 CVE-2024-7619,0,0,52e157835f9b49014d03653876a6177ba54feacc6eb580f7a52506ce1aa54bb3,2024-09-03T18:15:09.223000 CVE-2024-7620,0,0,2469206363fd07a16a5de81f046bd6f1d56a8441f8330f436267f4dce05a3b0c,2024-09-09T13:03:38.303000 CVE-2024-7621,0,0,07161284faa2eb0637370b6ff462e631787a37850cefb6ac5fa6750545dd7050,2024-08-12T13:41:36.517000 @@ -261816,7 +261840,7 @@ CVE-2024-7649,0,0,3d0b3905ac20943345a47479273aed49759614ef3fae3b2688335294d499ed CVE-2024-7651,0,0,386a7bb7aa0b4a32ced6fe813025ac2a231789f032ca2ee2a42adaaefdd20a30,2024-08-31T03:28:02.947000 CVE-2024-7652,0,0,c7f694e385002b920efe17a183ba7538023c7cf88dd53a372f2912343dfa2405,2024-09-09T13:03:38.303000 CVE-2024-7654,0,0,49383a5796e66ab6802124ac3212336a9fa34e97b446554c0840904b1dbfce6f,2024-09-05T13:53:16.540000 -CVE-2024-7655,1,1,70e400fbb862b136de261fedb7a4862c81e7c64a07dd119826b52912431fc9b8,2024-09-10T08:15:03.830000 +CVE-2024-7655,0,0,70e400fbb862b136de261fedb7a4862c81e7c64a07dd119826b52912431fc9b8,2024-09-10T08:15:03.830000 CVE-2024-7656,0,0,54bddf4f1c99f206f2f263928ecdc7b2851230b8a0f25d44b79aae993350ca70,2024-08-26T12:47:20.187000 CVE-2024-7657,0,0,b71ee6cae903ac873f30f4d097ac987c873f0095983bc9620eda1ffab659d5b8,2024-08-15T17:48:20.920000 CVE-2024-7658,0,0,832a65f53a452b2fa1561cdaae82b94e5ac7d59bc491a09b3cdc773f704d8588,2024-08-13T17:00:19.800000 
@@ -261850,8 +261874,8 @@ CVE-2024-7692,0,0,53a3a528e0e26eebc3a24b8375fbb7b9fd52b7aeb81816897422b7295867b4 CVE-2024-7693,0,0,8f49e917567dbf3d83b8fab0c0f87defce06a4391222113e25ab3be3d08b6e06,2024-09-06T16:51:35.647000 CVE-2024-7694,0,0,915a620e49de11e538187b87ae1859b4dd8b81a9c117898d10d07c783b69fb2e,2024-09-06T17:24:42.573000 CVE-2024-7697,0,0,56fc87c2b950fc0d4b7d08c76bcec1377c688ea98c921a8e581bb6c082412bb3,2024-09-06T18:04:28.030000 -CVE-2024-7698,1,1,0b6376f241ae0c60b1330c3a639882331c33933f962ae7ffc74cf0e49e3f0261,2024-09-10T09:15:06.847000 -CVE-2024-7699,1,1,3324900fac248b686cd3c8a74a38ad91329a8e7f4c6ebf88138ab71b25ab47da,2024-09-10T09:15:07.180000 +CVE-2024-7698,0,0,0b6376f241ae0c60b1330c3a639882331c33933f962ae7ffc74cf0e49e3f0261,2024-09-10T09:15:06.847000 +CVE-2024-7699,0,0,3324900fac248b686cd3c8a74a38ad91329a8e7f4c6ebf88138ab71b25ab47da,2024-09-10T09:15:07.180000 CVE-2024-7700,0,0,3e081f65a743f7c2243d16cda14609415c7128fbdf01790b4350a9589b48c796,2024-08-12T18:57:17.383000 CVE-2024-7702,0,0,35104b2d835bcff771d3508b754ac4f00b960fb6fd0cdfa84ab47a794def21ca,2024-08-26T18:15:46.870000 CVE-2024-7703,0,0,4fed134c1a88e3f28368f1aeb0423ea22cd742b65dcb7d77a318829e8e6bb6ba,2024-08-19T12:59:59.177000 
@@ -261874,7 +261898,7 @@ CVE-2024-7729,0,0,2bbcc23121d3cbbbfd7b7747e3325c391cd14964f404891acd614a24c4694f CVE-2024-7731,0,0,e84a2998e171304858ad1fb8b038e10b362c1589200ef021af448b39d41434b9,2024-08-22T14:40:00.913000 CVE-2024-7732,0,0,d07658c10ed57e2a3eecd9b14e76e8eed0b7a7133550030a1f5039eb59d98d22,2024-08-14T13:00:37.107000 CVE-2024-7733,0,0,d6f0b33872e43d23ba993c9827febac1a615268a96a44f431f426f7460340dba,2024-08-14T02:07:05.410000 -CVE-2024-7734,1,1,f99fb48ee14fd68b07dff866586634f0252d5e4a48e22b87e399dd49e3bc08c2,2024-09-10T08:15:04.020000 +CVE-2024-7734,0,0,f99fb48ee14fd68b07dff866586634f0252d5e4a48e22b87e399dd49e3bc08c2,2024-09-10T08:15:04.020000 CVE-2024-7738,0,0,9abbf70090d4bac2436939ae1d7e5b66071c9e95d911875233a210759cede2ef,2024-08-14T02:07:05.410000 CVE-2024-7739,0,0,48d24e6c734bdd0aabede58961a2ddba8bd9566478ef049fa21ee7be6d7677d2,2024-08-14T02:07:05.410000 CVE-2024-7740,0,0,b6b97e22b2a1c91ed733b5ea0db90c7ca386835aea8a2536d78b137aa899a052,2024-08-21T19:06:30.707000 @@ -261892,6 +261916,7 @@ CVE-2024-7752,0,0,a2329e23410b1feec53d6ea38469016e280edd824b17c574fc21bf18179470 CVE-2024-7753,0,0,8d87f0b2095698ec5201c016f27ad170e6b85d6a83cdb1acca64ef97e59384ac,2024-08-19T17:47:49.083000 CVE-2024-7754,0,0,aa642088260d14c06ef027c5ebe72633a842f86ac8e6448a2c0c42d526be8fa5,2024-08-19T17:48:15.203000 CVE-2024-7757,0,0,ca7d079474a8e4f4b2f55e1721105da3a15a9e1d63f2bd4356eaaa03e8d55f39,2024-08-21T09:15:04.973000 +CVE-2024-7770,1,1,015b5490c1231d0b92b2413a6e8ee47012159b8b0eaa036522ed888d8f392cf5,2024-09-10T11:15:10.780000 CVE-2024-7775,0,0,e75f99322bf942cd40c2d94981e16e48a8ebca7abec8ba8da6e02adea2112f97,2024-08-26T18:18:22.887000 CVE-2024-7777,0,0,4a2d78b8605a3d4db2907c7fe28bc447e2c0379246d7b81936de12aa55ddf523,2024-08-26T18:19:19.507000 CVE-2024-7778,0,0,3bccf24c2d6c26e9b97b53b6049aaebd5856252add9958ab8944d96a94251b86,2024-08-22T12:48:02.790000 
@@ -262158,11 +262183,12 @@ CVE-2024-8230,0,0,51972d3a01eef60d4ec2fcebcc43d9f517d40a0a396b61ca7c24bdef0d5fcb CVE-2024-8231,0,0,19b769716e3fff898a72bf0ee7d68779b61ab99af63bed31a0498759613ebd4e,2024-08-28T12:57:27.610000 CVE-2024-8234,0,0,870a131a53db84d6497bde7de38de6b7411ad7686be0738cd78fff93fab14909,2024-08-30T13:00:05.390000 CVE-2024-8235,0,0,7072b68d002bcf4f9595f61b4137bd3d5b31c93ce76df9863ff0a1c3da8ed948,2024-09-03T12:59:02.453000 +CVE-2024-8241,1,1,d8aed6ee9286b2aa9016d56e234e7bf8e4b5e668ea903b65f75994a1e5904926,2024-09-10T10:15:13.653000 CVE-2024-8247,0,0,5202f9f70242e6e766f5bf4ee04774da230414090293c913b32ce2eadeefe661,2024-09-06T12:08:04.550000 CVE-2024-8250,0,0,9b93a65d8c7dcee06e07a2e2b390d716b51503d05b493ec48aa5a8756ae94b8c,2024-08-30T16:32:16.917000 CVE-2024-8252,0,0,36e1aa114a02ff2bf925a636a4ed4135ae0e6011078bf9fd8b3aff586823c205,2024-09-03T14:31:27.243000 CVE-2024-8255,0,0,c6874ac38c80acc73ad7edcdfa1b6810f24be9f578842829800024511d128d5a,2024-09-06T22:53:34.187000 -CVE-2024-8258,1,1,154510660de3a5f7fd31db666136060100dc40eccec50d5817aa677aadd9600f,2024-09-10T09:15:07.497000 +CVE-2024-8258,0,0,154510660de3a5f7fd31db666136060100dc40eccec50d5817aa677aadd9600f,2024-09-10T09:15:07.497000 CVE-2024-8260,0,0,812d2a62f9a14f293d2814006504d857c705848c99804aae9066abfa5d1408ba,2024-09-03T12:59:02.453000 CVE-2024-8268,0,0,19698d2ff5d82db2ae743a122534da67a187f2f6f912961a5504ef6cf90e8b6b,2024-09-10T03:15:03.690000 CVE-2024-8274,0,0,81f15088246893eaf3249a3304ee5d5199071263c8883a7f9f22c293a16a376a,2024-09-03T14:28:06.853000 
@@ -262267,6 +262293,7 @@ CVE-2024-8517,0,0,3800f6b128aab40f688c971c9a9e47c0b6a42cbdd5c8d94b7cf3eaf620f48f CVE-2024-8521,0,0,65485edaf907369f60ded6330bfa86fc3cb4b0554a8f781a990c000b1998cccb,2024-09-09T13:03:38.303000 CVE-2024-8523,0,0,97cab60ebb5ec07bfc3fbe69bde3146d8e6846c5d869fc10534b5a2c3c29806e,2024-09-09T13:03:38.303000 CVE-2024-8538,0,0,cdc95bc68a4038527ba5cf51b0a8358b05e3a1650fc8124f586021fbca5ad9b3,2024-09-09T13:03:38.303000 +CVE-2024-8543,1,1,bc558239a2fe3a7e58b37ab375a36d1a7ff0f095c997b8895bfc883de219ab38,2024-09-10T10:15:13.887000 CVE-2024-8554,0,0,4cf504871442fcb0d84a21da28ddfae2465e0b33b1fe7bfdf35784130157a585,2024-09-09T13:03:38.303000 CVE-2024-8555,0,0,b6a2386ed27e3c15f87a10f0caf63bea3e02c0e81c71fb6c48c17029c2525502,2024-09-09T13:03:38.303000 CVE-2024-8557,0,0,d956d0b1de890824833231cfe4294c7751ca4754efdbac52614ee252b9d18dba,2024-09-09T13:03:38.303000 @@ -262303,3 +262330,4 @@ CVE-2024-8604,0,0,03dd9ea4b720aacc0e1e1cce008473e1a786aeb7eaa9fc848b1a9d53cc790e CVE-2024-8605,0,0,05de9fb886966e208a1d4ea135c5ccec7205233c650e87f0027c612a99575815,2024-09-09T18:30:12.050000 CVE-2024-8610,0,0,63b96f80e9a9898c58020000e622cb8b59201d23bb4c4b89a20f83f5c7c43556,2024-09-09T21:15:13.127000 CVE-2024-8611,0,0,2ce4149f95f488455d8f3a44e91cf576ec7c412385aeea29e6e18c729ee34c96,2024-09-09T21:15:13.377000 +CVE-2024-8645,1,1,662e85fdb9aff9f2649eabb0f52f851fd2de1785f64524d54fe76dc151517f3b,2024-09-10T10:15:14.113000