admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-540xx/CVE-2024-54015.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

104 lines
8.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-54015",
"sourceIdentifier": "productcert@siemens.com",
"published": "2025-02-11T11:15:15.227",
"lastModified": "2025-02-11T11:15:15.227",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones &lt; V9.90), SIPROTEC 5 6MD85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 6MD86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 6MD89 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 6MU85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7KE85 (CP300) (Todas las versiones &gt;= V8.80), SIPROTEC 5 7SA82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SA86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SA87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SD82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SD86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SD87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SK82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SK85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SL82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SL86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SL87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SS85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7ST85 (CP300) (Todas las versiones &gt;= V8.80), SIPROTEC 5 7ST86 (CP300) (Todas las versiones), SIPROTEC 5 7SX82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SX85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SY82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7UM85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7UT82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7UT85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7UT86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7UT87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7VE85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7VK87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7VU85 (CP300) (Todas las versiones &lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BA-2EL (Rev.2) (Todas las versiones &lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BB-2FO (Rev. 2) (Todas las versiones &lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BD-2FO (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (Todas las versiones &gt;= V9.50 &lt; V9.90). Los dispositivos afectados no validan correctamente las solicitudes SNMP GET. Esto podr\u00eda permitir que un atacante remoto no autenticado recupere informaci\u00f3n confidencial de los dispositivos afectados con solicitudes SNMPv2 GET utilizando credenciales predeterminadas."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1392"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-767615.html",
"source": "productcert@siemens.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink