Common Weakness Enumeration

CWE-703

Discouraged

Improper Check or Handling of Exceptional Conditions

Abstraction: Pillar · Status: Incomplete

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

211 vulnerabilities reference this CWE, most recent first.

CVE-2024-39815 (GCVE-0-2024-39815)

Vulnerability from cvelistv5 – Published: 2024-08-08 19:33 – Updated: 2024-08-21 20:04
VLAI
Title
Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions
Summary
Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Vonets VAR1200-H Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAR1200-L Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAR600-H Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11AC Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G-500S Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VBG1200 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11S-5G Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11S Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAR11N-300 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G-300 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11N-300 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VAP11G-500 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
Vonets VGA-1000 Affected: 0 , ≤ 3.3.23.6.9 (custom)
Create a notification for this product.
vonets var1200-h_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets var1200-l_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets var600-h_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11ac_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11g-500s_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vbg1200_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11s-5g_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11s_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets var11n-300_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11n-300_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11g_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vga-1000_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
vonets vap11g-300_firmware Affected: 0 , ≤ 3.3.23.6.9 (custom)
    cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Wodzen reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:vonets:var1200-h_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var1200-h_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:var1200-l_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var1200-l_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:var600-h_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var600-h_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11ac_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11ac_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11g-500s_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11g-500s_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vbg1200_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vbg1200_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11s-5g_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11s-5g_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11s_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11s_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:var11n-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "var11n-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11n-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11g_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11g_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vga-1000_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vga-1000_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11g-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11g-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vonets:vap11n-300_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vap11n-300_firmware",
            "vendor": "vonets",
            "versions": [
              {
                "lessThanOrEqual": "3.3.23.6.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39815",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T14:41:59.876924Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T20:04:38.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VAR1200-H",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAR1200-L",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAR600-H",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11AC",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G-500S",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VBG1200",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11S-5G",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11S",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAR11N-300",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G-300",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11N-300",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11G-500",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VBG1200",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VAP11AC",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VGA-1000",
          "vendor": "Vonets",
          "versions": [
            {
              "lessThanOrEqual": "3.3.23.6.9",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wodzen reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
            }
          ],
          "value": "Improper check or handling of exceptional conditions vulnerability \naffecting Vonets\n\n \n\n industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated \nremote attacker to cause a denial of service. A specially-crafted \nHTTP request to pre-authentication resources can crash the service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-08T19:43:20.731Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08"
        }
      ],
      "source": {
        "advisory": "ICSA-24-214-08",
        "discovery": "EXTERNAL"
      },
      "title": "Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com\"\u003eVonets support\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Vonets has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of the affected products are encouraged to \ncontact  Vonets support https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/support@vonets.com  for additional information."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-39815",
    "datePublished": "2024-08-08T19:33:35.137Z",
    "dateReserved": "2024-07-30T16:15:10.109Z",
    "dateUpdated": "2024-08-21T20:04:38.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39514 (GCVE-0-2024-39514)

Vulnerability from cvelistv5 – Published: 2024-07-10 23:05 – Updated: 2024-08-02 04:26
VLAI
Title
Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled. This issue affects Junos OS: * All versions before 20.4R3-S10,  * from 21.4 before 21.4R3-S6,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3,  * from 23.2 before 23.2R2; Junos OS Evolved: * All versions before 20.4R3-S10-EVO,  * from 21.4-EVO before 21.4R3-S6-EVO,  * from 22.1-EVO before 22.1R3-S5-EVO,  * from 22.2-EVO before 22.2R3-S3-EVO,  * from 22.3-EVO before 22.3R3-S2-EVO,  * from 22.4-EVO before 22.4R3-EVO,  * from 23.2-EVO before 23.2R2-EVO.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 20.4R3-S10 (semver)
Affected: 21.4 , < 21.4R3-S6 (semver)
Affected: 22.1 , < 22.1R3-S5 (semver)
Affected: 22.2 , < 22.2R3-S3 (semver)
Affected: 22.3 , < 22.3R3-S2 (semver)
Affected: 22.4 , < 22.4R3 (semver)
Affected: 23.2 , < 23.2R2 (semver)
Create a notification for this product.
Juniper Networks Junos OS Evolved Affected: 0 , < 20.4R3-S10-EVO (semver)
Affected: 21.4-EVO , < 21.4R3-S6-EVO (semver)
Affected: 22.1-EVO , < 22.1R3-S5-EVO (semver)
Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver)
Affected: 22.3-EVO , < 22.3R3-S2-EVO (semver)
Affected: 22.4-EVO , < 22.4R3-EVO (semver)
Affected: 23.2-EVO , < 23.2R2-EVO (semver)
Create a notification for this product.
Date Public
2024-07-10 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T13:56:58.930100Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T18:47:32.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA82980"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S6",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S5",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S2",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S10-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S6-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S5-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S2-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "EVPN-VPWS can be configured with the following:\u0026nbsp; \u0026nbsp;\u003cbr\u003e\u003ctt\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; instance-type evpn-vpws ]\u003cbr\u003e[ routing-instances \u0026lt;instance-name\u0026gt; interface \u0026lt;interface\u0026gt; ]\u003c/tt\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIGMP-snooping can be enabled with the following configuration line:\u003cbr\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; bridge-domains \u0026lt;name\u0026gt; igmp-snooping vlan \u0026lt;vlan\u0026gt; ]\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e"
            }
          ],
          "value": "EVPN-VPWS can be configured with the following:\u00a0 \u00a0\n[ routing-instances \u003cinstance-name\u003e instance-type evpn-vpws ]\n[ routing-instances \u003cinstance-name\u003e interface \u003cinterface\u003e ]\n\nIGMP-snooping can be enabled with the following configuration line:\n[ routing-instances \u003cinstance-name\u003e bridge-domains \u003cname\u003e igmp-snooping vlan \u003cvlan\u003e ]"
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\u003cbr\u003e\u003cbr\u003eThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4 before 21.4R3-S6,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1 before 22.1R3-S5,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2 before 22.2R3-S3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3 before 22.3R3-S2,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2 before 23.2R2;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S6-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1-EVO before 22.1R3-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3-EVO before 22.3R3-S2-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
            }
          ],
          "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\n\nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\n\nThis issue affects Junos OS: \n  *  All versions before 20.4R3-S10,\u00a0\n  *  from 21.4 before 21.4R3-S6,\u00a0\n  *  from 22.1 before 22.1R3-S5,\u00a0\n  *  from 22.2 before 22.2R3-S3,\u00a0\n  *  from 22.3 before 22.3R3-S2,\u00a0\n  *  from 22.4 before 22.4R3,\u00a0\n  *  from 23.2 before 23.2R2;\n\n\nJunos OS Evolved: \n  *  All versions before 20.4R3-S10-EVO,\u00a0\n  *  from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n  *  from 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n  *  from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n  *  from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n  *  from 22.4-EVO before 22.4R3-EVO,\u00a0\n  *  from 23.2-EVO before 23.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T23:05:27.050Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA82980"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\n\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA82980",
        "defect": [
          "1758171"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39514",
    "datePublished": "2024-07-10T23:05:27.050Z",
    "dateReserved": "2024-06-25T15:12:53.238Z",
    "dateUpdated": "2024-08-02T04:26:15.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38482 (GCVE-0-2024-38482)

Vulnerability from cvelistv5 – Published: 2024-08-02 04:12 – Updated: 2024-08-02 17:38
VLAI
Summary
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
Dell CloudLink Affected: N/A , < 8.1 (semver)
Create a notification for this product.
Date Public
2024-08-01 06:30
Credits
Dell would like to thank B4gpipe for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T17:38:10.800621Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:38:31.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CloudLink",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "8.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank B4gpipe for reporting this issue."
        }
      ],
      "datePublic": "2024-08-01T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u0026nbsp; CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database."
            }
          ],
          "value": "CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive information from the database."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-02T04:12:12.391Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000227493/dsa-2024-343-security-update-for-dell-cloudlink-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-38482",
    "datePublished": "2024-08-02T04:12:12.391Z",
    "dateReserved": "2024-06-18T01:53:34.135Z",
    "dateUpdated": "2024-08-02T17:38:31.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38435 (GCVE-0-2024-38435)

Vulnerability from cvelistv5 – Published: 2024-07-21 07:10 – Updated: 2024-08-02 04:12
VLAI
Title
Unitronics Vision PLC - CWE-703: Improper Check or Handling of Exceptional Conditions
Summary
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
Unitronics Vision PLC Affected: All versions , < Upgrade to v9.9.1 (custom)
Create a notification for this product.
Date Public
2024-07-18 07:05
Credits
Claroty Research – Team 82
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38435",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T11:51:46.970559Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T11:51:57.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:24.743Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vision PLC",
          "vendor": "Unitronics",
          "versions": [
            {
              "lessThan": "Upgrade to v9.9.1",
              "status": "affected",
              "version": "All versions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Claroty Research \u2013 Team 82"
        }
      ],
      "datePublic": "2024-07-18T07:05:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnitronics Vision PLC \u2013\u0026nbsp;\u003c/span\u003eCWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "Unitronics Vision PLC \u2013\u00a0CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-21T07:10:04.460Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to v9.9.1\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to v9.9.1"
        }
      ],
      "source": {
        "advisory": "ILVN-2024-0173",
        "discovery": "UNKNOWN"
      },
      "title": "Unitronics Vision PLC - CWE-703: Improper Check or Handling of Exceptional Conditions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2024-38435",
    "datePublished": "2024-07-21T07:10:04.460Z",
    "dateReserved": "2024-06-16T08:00:52.286Z",
    "dateUpdated": "2024-08-02T04:12:24.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37995 (GCVE-0-2024-37995)

Vulnerability from cvelistv5 – Published: 2024-09-10 09:36 – Updated: 2024-09-10 15:09
VLAI
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC Reader RF610R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF610R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF610R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF615R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF615R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF615R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R ARIB Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R ARIB Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R ARIB Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF1140R Affected: 0 , < V1.1 (custom)
Create a notification for this product.
Siemens SIMATIC RF1170R Affected: 0 , < V1.1 (custom)
Create a notification for this product.
Siemens SIMATIC RF166C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF185C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF186C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF186CI Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF188C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF188CI Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF360R Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37995",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:08:52.987640Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:09:02.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF610R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF610R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF610R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF615R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF615R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF615R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF1140R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF1170R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF166C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF185C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF186C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF186CI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF188C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF188CI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF360R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:36:42.714Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-37995",
    "datePublished": "2024-09-10T09:36:42.714Z",
    "dateReserved": "2024-06-11T08:32:52.184Z",
    "dateUpdated": "2024-09-10T15:09:02.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37992 (GCVE-0-2024-37992)

Vulnerability from cvelistv5 – Published: 2024-09-10 09:36 – Updated: 2024-09-10 15:08
VLAI
Summary
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC Reader RF610R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF610R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF610R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF615R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF615R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF615R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R ARIB Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF650R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R ARIB Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF680R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R ARIB Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R CMIIT Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R ETSI Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC Reader RF685R FCC Affected: 0 , < V4.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF1140R Affected: 0 , < V1.1 (custom)
Create a notification for this product.
Siemens SIMATIC RF1170R Affected: 0 , < V1.1 (custom)
Create a notification for this product.
Siemens SIMATIC RF166C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF185C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF186C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF186CI Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF188C Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF188CI Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Siemens SIMATIC RF360R Affected: 0 , < V2.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:04:53.594332Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:08:09.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF610R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF610R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF610R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF615R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF615R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF615R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF650R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF680R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R ARIB",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R CMIIT",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R ETSI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Reader RF685R FCC",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF1140R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF1170R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF166C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF185C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF186C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF186CI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF188C",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF188CI",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC RF360R",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T09:36:37.300Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-37992",
    "datePublished": "2024-09-10T09:36:37.300Z",
    "dateReserved": "2024-06-11T08:32:52.183Z",
    "dateUpdated": "2024-09-10T15:08:09.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31883 (GCVE-0-2024-31883)

Vulnerability from cvelistv5 – Published: 2024-06-27 15:50 – Updated: 2024-08-02 01:59
VLAI
Title
IBM Security Verify Access denial of service
Summary
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
ibm
Impacted products
Vendor Product Version
IBM Security Verify Access Affected: 10.0.0.0 , ≤ 10.0.7.1 (semver)
    cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T17:23:26.234798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T17:23:32.454Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:59:50.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7158789"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_verify_access:10.0.7.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Security Verify Access",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "10.0.7.1",
              "status": "affected",
              "version": "10.0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption.   IBM X-Force ID:  287615."
            }
          ],
          "value": "IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption.   IBM X-Force ID:  287615."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T15:50:52.220Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7158789"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287615"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Security Verify Access denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-31883",
    "datePublished": "2024-06-27T15:50:52.220Z",
    "dateReserved": "2024-04-07T12:44:46.961Z",
    "dateUpdated": "2024-08-02T01:59:50.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26007 (GCVE-0-2024-26007)

Vulnerability from cvelistv5 – Published: 2024-05-14 16:19 – Updated: 2024-08-01 23:52
VLAI
Summary
An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiOS Affected: 7.4.1
Create a notification for this product.
fortinet fortios Affected: 7.4.1
    cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "status": "affected",
                "version": "7.4.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T17:41:23.032103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:54.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:52:06.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-24-017",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-24-017"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-14T16:19:08.407Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-24-017",
          "url": "https://fortiguard.com/psirt/FG-IR-24-017"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.4.2 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-26007",
    "datePublished": "2024-05-14T16:19:08.407Z",
    "dateReserved": "2024-02-14T09:18:43.245Z",
    "dateUpdated": "2024-08-01T23:52:06.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21629 (GCVE-0-2024-21629)

Vulnerability from cvelistv5 – Published: 2024-01-02 21:26 – Updated: 2025-06-17 20:29
VLAI
Title
Erroneous handling of `record_external_operation` error return
Summary
Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
rust-ethereum evm Affected: < 0.41.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v"
          },
          {
            "name": "https://github.com/rust-ethereum/evm/pull/264",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-ethereum/evm/pull/264"
          },
          {
            "name": "https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4"
          },
          {
            "name": "https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-09T18:39:02.463672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T20:29:07.013Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "evm",
          "vendor": "rust-ethereum",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.41.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-02T21:26:12.680Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v"
        },
        {
          "name": "https://github.com/rust-ethereum/evm/pull/264",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-ethereum/evm/pull/264"
        },
        {
          "name": "https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4"
        },
        {
          "name": "https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69"
        }
      ],
      "source": {
        "advisory": "GHSA-27wg-99g8-2v4v",
        "discovery": "UNKNOWN"
      },
      "title": "Erroneous handling of `record_external_operation` error return"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-21629",
    "datePublished": "2024-01-02T21:26:12.680Z",
    "dateReserved": "2023-12-29T03:00:44.954Z",
    "dateUpdated": "2025-06-17T20:29:07.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21593 (GCVE-0-2024-21593)

Vulnerability from cvelistv5 – Published: 2024-04-12 14:54 – Updated: 2024-08-01 22:27
VLAI
Title
Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition. Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304. This issue affects: Juniper Networks Junos OS 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-703 - Improper Check or Handling of Exceptional Conditions
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 21.4R3 , < 21.4R3-S5 (semver)
Unaffected: 22.1
Affected: 22.2R2 , < 22.2R3-S2 (semver)
Affected: 22.3R1 , < 22.3R2-S2 (semver)
Affected: 22.3R3 , < 22.3R3-S1 (semver)
Affected: 22.4R1 , < 22.4R2-S2, 22.4R3 (semver)
Affected: 23.2 , < 23.2R1-S1, 23.2R2 (semver)
Create a notification for this product.
Date Public
2024-04-10 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T20:06:24.283051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:43.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA75732"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series with MPC10",
            "MPC11",
            "LC9600",
            "MX304"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S5",
              "status": "affected",
              "version": "21.4R3",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "22.1"
            },
            {
              "lessThan": "22.2R3-S2",
              "status": "affected",
              "version": "22.2R2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R2-S2",
              "status": "affected",
              "version": "22.3R1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S1",
              "status": "affected",
              "version": "22.3R3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-S2, 22.4R3",
              "status": "affected",
              "version": "22.4R1",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S1, 23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be affected by this issue, the following configuration is required on the device:\u003cbr\u003e\u0026nbsp;   [ encapsulation ethernet-ccc ]\u003cbr\u003e"
            }
          ],
          "value": "To be affected by this issue, the following configuration is required on the device:\n\u00a0   [ encapsulation ethernet-ccc ]"
        }
      ],
      "datePublic": "2024-04-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\u003cbr\u003e \u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003e21.4 versions from 21.4R3 earlier than 21.4R3-S5;\u003cbr\u003e22.2 versions from 22.2R2 earlier than 22.2R3-S2;\u003cbr\u003e22.3 versions from 22.3R1 earlier than 22.3R2-S2;\u003cbr\u003e22.3 versions from 22.3R3 earlier than\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S1\u003c/span\u003e\u003cbr\u003e22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\u003cbr\u003e23.2 versions earlier than 23.2R1-S1, 23.2R2.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.\n \nCircuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.\n\nThis issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions from 21.4R3 earlier than 21.4R3-S5;\n22.2 versions from 22.2R2 earlier than 22.2R3-S2;\n22.3 versions from 22.3R1 earlier than 22.3R2-S2;\n22.3 versions from 22.3R3 earlier than\u00a022.3R3-S1\n22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;\n23.2 versions earlier than 23.2R1-S1, 23.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-703",
              "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:06:30.729Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA75732"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.4R3-S5, 22.2R3-S2, 22.2R3-S3, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA75732",
        "defect": [
          "1720275"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-10T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21593",
    "datePublished": "2024-04-12T14:54:08.039Z",
    "dateReserved": "2023-12-27T19:38:25.704Z",
    "dateUpdated": "2024-08-01T22:27:35.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.