Common Weakness Enumeration
CWE-394
AllowedUnexpected Status Code or Return Value
Abstraction: Base · Status: Draft
The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.
26 vulnerabilities reference this CWE, most recent first.
CVE-2026-25085 (GCVE-0-2026-25085)
Vulnerability from cvelistv5 – Published: 2026-02-27 00:33 – Updated: 2026-03-02 18:58
VLAI
EPSS
VEX
Title
Copeland XWEB and XWEB Pro Unexpected Status Code or Return Value
Summary
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in
which an unexpected return value from the authentication routine is
later on processed as a legitimate value, resulting in an authentication
bypass.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Copeland | Copeland XWEB 300D PRO |
Affected:
0 , ≤ 1.12.1
(custom)
|
|
| Copeland | Copeland XWEB 500D PRO |
Affected:
0 , ≤ 1.12.1
(custom)
|
|
| Copeland | Copeland XWEB 500B PRO |
Affected:
0 , ≤ 1.12.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T18:58:41.870013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T18:58:50.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Copeland XWEB 300D PRO",
"vendor": "Copeland",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Copeland XWEB 500D PRO",
"vendor": "Copeland",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Copeland XWEB 500B PRO",
"vendor": "Copeland",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amir Zaltzman and Noam Moshe of Claroty Team82 reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in\n which an unexpected return value from the authentication routine is \nlater on processed as a legitimate value, resulting in an authentication\n bypass."
}
],
"value": "A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in\n which an unexpected return value from the authentication routine is \nlater on processed as a legitimate value, resulting in an authentication\n bypass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T00:33:06.657Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Copeland has provided a fix for the vulnerabilities and recommends users\n update the XWEB Pro to the latest version by going to their software \nupdate page \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate\"\u003ehttps://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate\u003c/a\u003e in the \nsections dedicated to the different XWEBPRO models page.\n\n\u003cbr\u003e"
}
],
"value": "Copeland has provided a fix for the vulnerabilities and recommends users\n update the XWEB Pro to the latest version by going to their software \nupdate page \n https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the \nsections dedicated to the different XWEBPRO models page."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Alternatively, a user logged into an XWEB Pro with internet access can \nupdate XWEB Pro directly from Copeland servers via the menu SYSTEM -- \nUpdates | Network.\n\n\u003cbr\u003e"
}
],
"value": "Alternatively, a user logged into an XWEB Pro with internet access can \nupdate XWEB Pro directly from Copeland servers via the menu SYSTEM -- \nUpdates | Network."
}
],
"source": {
"advisory": "ICSA-26-057-10",
"discovery": "EXTERNAL"
},
"title": "Copeland XWEB and XWEB Pro Unexpected Status Code or Return Value",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-25085",
"datePublished": "2026-02-27T00:33:06.657Z",
"dateReserved": "2026-02-05T19:05:16.849Z",
"dateUpdated": "2026-03-02T18:58:50.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48510 (GCVE-0-2025-48510)
Vulnerability from cvelistv5 – Published: 2025-11-24 20:56 – Updated: 2025-11-24 21:07
VLAI
EPSS
VEX
Summary
Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
1 reference
Date Public
2025-11-24 20:58
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:06:59.280724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:07:15.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD \u03bcProf",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported through AMD Bug Bounty Program"
}
],
"datePublic": "2025-11-24T20:58:29.593Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability. \u003cbr\u003e"
}
],
"value": "Improper return value within AMD uProf can allow a local attacker to bypass KSLR, potentially resulting in loss of confidentiality or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T20:58:56.416Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9019.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-48510",
"datePublished": "2025-11-24T20:56:39.348Z",
"dateReserved": "2025-05-22T16:34:02.896Z",
"dateUpdated": "2025-11-24T21:07:15.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23013 (GCVE-0-2025-23013)
Vulnerability from cvelistv5 – Published: 2025-01-15 00:00 – Updated: 2025-02-03 10:03
VLAI
EPSS
VEX
Summary
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-03T10:03:09.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/15/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/16/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/16/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/16/5"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T14:51:01.272240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T14:51:14.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pam-u2f",
"vendor": "Yubico",
"versions": [
{
"lessThan": "1.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yubico:pam-u2f:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user\u0027s password."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T03:56:38.534Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.yubico.com/support/security-advisories/ysa-2025-01/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-23013",
"datePublished": "2025-01-15T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-03T10:03:09.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22854 (GCVE-0-2025-22854)
Vulnerability from cvelistv5 – Published: 2025-06-15 15:00 – Updated: 2025-06-16 18:07
VLAI
EPSS
VEX
Title
Possible thread exhaustion from processing http responses in PingFederate Google Adapter
Summary
Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.pingidentity.com/en/resources/downloa… | patch |
| https://docs.pingidentity.com/integrations/google… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ping Identity | PingFederate |
Affected:
1.0.1 , < 1.5.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T18:07:24.657856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:07:39.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Google Adapter",
"platforms": [
"Windows",
"Linux"
],
"product": "PingFederate",
"vendor": "Ping Identity",
"versions": [
{
"lessThan": "1.5.2",
"status": "affected",
"version": "1.0.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of non-200 http responses in\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;the PingFederate Google Adapter\u003c/span\u003e\u0026nbsp;leads to thread exhaustion under normal usage conditions."
}
],
"value": "Improper handling of non-200 http responses in\u00a0the PingFederate Google Adapter\u00a0leads to thread exhaustion under normal usage conditions."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
},
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:P/AU:Y/R:A/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-15T15:00:06.010Z",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.pingidentity.com/integrations/google/google_login_integration_kit/pf_google_cic_changelog.html"
}
],
"source": {
"advisory": "SECADV048",
"defect": [
"IK-3678"
],
"discovery": "USER"
},
"title": "Possible thread exhaustion from processing http responses in PingFederate Google Adapter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2025-22854",
"datePublished": "2025-06-15T15:00:06.010Z",
"dateReserved": "2025-01-13T16:41:43.959Z",
"dateUpdated": "2025-06-16T18:07:39.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12516 (GCVE-0-2025-12516)
Vulnerability from cvelistv5 – Published: 2025-10-30 15:42 – Updated: 2025-10-30 17:24
VLAI
EPSS
VEX
Title
Lack of Graceful Error Handling - HTTP 5xx Error
Summary
Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Azure Access Technology | BLU-IC2 |
Affected:
0 , ≤ 1.19.5
(semver)
|
|
| Azure Access Technology | BLU-IC4 |
Affected:
0 , ≤ 1.19.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T17:24:29.354208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T17:24:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BLU-IC2",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BLU-IC4",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Schaller"
},
{
"lang": "en",
"type": "finder",
"value": "Benjamin Lafois"
},
{
"lang": "en",
"type": "finder",
"value": "Alexi Bitsios"
},
{
"lang": "en",
"type": "finder",
"value": "Sebastian Toscano"
},
{
"lang": "en",
"type": "finder",
"value": "Dominik Schneider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of Graceful Error Handling - HTTP 5xx Error\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
}
],
"value": "Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T15:42:21.656Z",
"orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"shortName": "azure-access"
},
"references": [
{
"url": "https://azure-access.com/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Lack of Graceful Error Handling - HTTP 5xx Error",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"assignerShortName": "azure-access",
"cveId": "CVE-2025-12516",
"datePublished": "2025-10-30T15:42:21.656Z",
"dateReserved": "2025-10-30T15:39:53.087Z",
"dateUpdated": "2025-10-30T17:24:46.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12515 (GCVE-0-2025-12515)
Vulnerability from cvelistv5 – Published: 2025-10-30 15:38 – Updated: 2025-10-30 17:27
VLAI
EPSS
VEX
Title
Systemic Internal Server Errors - HTTP 500 Response
Summary
Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Azure Access Technology | BLU-IC2 |
Affected:
0 , ≤ 1.19.5
(semver)
|
|
| Azure Access Technology | BLU-IC4 |
Affected:
0 , ≤ 1.19.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T17:25:50.601327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T17:27:30.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BLU-IC2",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BLU-IC4",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Schaller"
},
{
"lang": "en",
"type": "finder",
"value": "Benjamin Lafois"
},
{
"lang": "en",
"type": "finder",
"value": "Alexi Bitsios"
},
{
"lang": "en",
"type": "finder",
"value": "Sebastian Toscano"
},
{
"lang": "en",
"type": "finder",
"value": "Dominik Schneider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Systemic Internal Server Errors - HTTP 500 Response\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .\u003c/p\u003e"
}
],
"value": "Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 ."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T15:38:45.150Z",
"orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"shortName": "azure-access"
},
"references": [
{
"url": "https://azure-access.com/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Systemic Internal Server Errors - HTTP 500 Response",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"assignerShortName": "azure-access",
"cveId": "CVE-2025-12515",
"datePublished": "2025-10-30T15:38:45.150Z",
"dateReserved": "2025-10-30T15:38:05.929Z",
"dateUpdated": "2025-10-30T17:27:30.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-1713 (GCVE-0-2024-1713)
Vulnerability from cvelistv5 – Published: 2024-03-14 20:14 – Updated: 2024-08-02 20:49
VLAI
EPSS
VEX
Title
Plv8 Deferred Trigger Privilege Escalation
Summary
A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:plv8:plv8:3.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "plv8",
"vendor": "plv8",
"versions": [
{
"status": "affected",
"version": "3.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1713",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T15:49:59.325827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T20:49:14.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Plv8",
"product": "Plv8",
"vendor": "Plv8",
"versions": [
{
"status": "affected",
"version": "3.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T20:14:28.611Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Plv8 Deferred Trigger Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-1713",
"datePublished": "2024-03-14T20:14:28.611Z",
"dateReserved": "2024-02-21T16:48:28.219Z",
"dateUpdated": "2024-08-02T20:49:14.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48429 (GCVE-0-2023-48429)
Vulnerability from cvelistv5 – Published: 2023-12-12 11:27 – Updated: 2026-02-25 16:34
VLAI
EPSS
VEX
Summary
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:30:35.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-06T05:01:19.103290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:34:34.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC INS (All versions \u003c V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394: Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T11:27:20.840Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-48429",
"datePublished": "2023-12-12T11:27:20.840Z",
"dateReserved": "2023-11-16T16:30:40.849Z",
"dateUpdated": "2026-02-25T16:34:34.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28975 (GCVE-0-2023-28975)
Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-05 21:42
VLAI
EPSS
VEX
Title
Junos OS: The kernel will crash when certain USB devices are inserted
Summary
An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine (RE), the kernel will crash leading to a reboot of the device. The device will continue to crash as long as the USB device is connected. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2, 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2; 22.4 versions prior to 22.4R2.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
- Denial of Service (DoS)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 19.4R3-S10
(custom)
Affected: 20.2 , < 20.2R3-S7 (custom) Affected: 20.3 , < 20.3R3-S6 (custom) Affected: 20.4 , < 20.4R3-S5 (custom) Affected: 21.1 , < 21.1R3-S4 (custom) Affected: 21.2 , < 21.2R3-S4 (custom) Affected: 21.3 , < 21.3R3-S3 (custom) Affected: 21.4 , < 21.4R3-S2 (custom) Affected: 22.1 , < 22.1R2-S2, 22.1R3 (custom) Affected: 22.2 , < 22.2R2 (custom) Affected: 22.3 , < 22.3R1-S1, 22.3R2 (custom) Affected: 22.4 , < 22.4R2 (custom) |
Date Public
2023-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70600"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:42:40.742252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:42:59.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S7",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S6",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S5",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S4",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S2",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2-S2, 22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R1-S1, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine (RE), the kernel will crash leading to a reboot of the device. The device will continue to crash as long as the USB device is connected. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2, 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2; 22.4 versions prior to 22.4R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70600"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S10, 20.2R3-S7, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S4, 21.3R3-S3, 21.4R3-S2, 22.1R2-S2, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2, 22.4R2, 23.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70600",
"defect": [
"1638519"
],
"discovery": "USER"
},
"title": "Junos OS: The kernel will crash when certain USB devices are inserted",
"workarounds": [
{
"lang": "en",
"value": "To reduce the risk of exploitation utilize common security BCPs to limit physical access to the devices.."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28975",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-05T21:42:59.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25948 (GCVE-0-2023-25948)
Vulnerability from cvelistv5 – Published: 2023-07-13 11:09 – Updated: 2025-03-05 18:50
VLAI
EPSS
VEX
Title
Server Data type confusion - info leak
Summary
Server information leak of configuration data when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-394 - Unexpected Status Code or Return Value
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://process.honeywell.com |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Honeywell | Experion Server |
Affected:
501.1 , ≤ 501.6HF8
(semver)
Affected: 510.1 , ≤ 510.2HF12 (semver) Affected: 511.1 , ≤ 511.5TCU3 (semver) Affected: 520.1 , ≤ 520.1TCU4 (semver) Affected: 520.2 , ≤ 520.2TCU2 (semver) |
|
| Honeywell | Experion Station |
Affected:
501.1 , ≤ 501.6HF8
(semver)
Affected: 510.1 , ≤ 510.2HF12 (semver) Affected: 511.1 , ≤ 511.5TCU3 (semver) Affected: 520.1 , ≤ 520.1TCU4 (semver) Affected: 520.2 , ≤ 520.2TCU2 (semver) |
|
| Honeywell | Engineering Station |
Affected:
510.1 , ≤ 511.5TCU3
(semver)
Affected: 520.1 , ≤ 520.1TCU4 (semver) Affected: 520.2 , ≤ 520.2TCU2 (semver) |
|
| Honeywell | Direct Station |
Affected:
510.5 , ≤ 511.5TCU3
(semver)
Affected: 520.1 , ≤ 520.1TCU4 (semver) Affected: 520.2 , ≤ 520.2TCU2 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://process.honeywell.com"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:38:39.637263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:50:14.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "Experion Server",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion PKS"
],
"product": "Experion Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "501.6HF8",
"status": "affected",
"version": "501.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "510.2HF12",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "511.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "Engineering Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Experion LX",
"Experion PlantCruise"
],
"product": "Direct Station",
"vendor": "Honeywell",
"versions": [
{
"lessThanOrEqual": "511.5TCU3",
"status": "affected",
"version": "510.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.1TCU4",
"status": "affected",
"version": "520.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "520.2TCU2",
"status": "affected",
"version": "520.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server information leak of configuration data when an error is generated in response to a specially crafted message.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSee Honeywell Security Notification for recommendations on upgrading and versioning. \u003c/span\u003e\n\n"
}
],
"value": "Server information leak of configuration data when an error is generated in response to a specially crafted message.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning. \n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6: Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-394",
"description": "CWE-394 Unexpected Status Code or Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-22T16:00:47.166Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://process.honeywell.com"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Server Data type confusion - info leak ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-25948",
"datePublished": "2023-07-13T11:09:30.893Z",
"dateReserved": "2023-02-28T23:51:16.642Z",
"dateUpdated": "2025-03-05T18:50:14.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.