Common Weakness Enumeration
CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
CVE-2024-12836 (GCVE-0-2024-12836)
Vulnerability from cvelistv5 – Published: 2024-12-30 16:50 – Updated: 2024-12-31 21:25
VLAI
EPSS
VEX
Title
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability
Summary
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | DRASimuCAD |
Affected:
1.02
|
Date Public
2024-12-20 15:43
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T21:25:11.027822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T21:25:33.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DRASimuCAD",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "1.02"
}
]
}
],
"dateAssigned": "2024-12-19T22:21:32.386Z",
"datePublic": "2024-12-20T15:43:33.495Z",
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:50:06.133Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1724",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1724/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12836",
"datePublished": "2024-12-30T16:50:06.133Z",
"dateReserved": "2024-12-19T22:21:32.341Z",
"dateUpdated": "2024-12-31T21:25:33.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12834 (GCVE-0-2024-12834)
Vulnerability from cvelistv5 – Published: 2024-12-30 16:49 – Updated: 2024-12-31 21:30
VLAI
EPSS
VEX
Title
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability
Summary
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | DRASimuCAD |
Affected:
1.02
|
Date Public
2024-12-20 15:43
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T21:29:50.628024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T21:30:07.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DRASimuCAD",
"vendor": "Delta Electronics",
"versions": [
{
"status": "affected",
"version": "1.02"
}
]
}
],
"dateAssigned": "2024-12-19T22:21:10.486Z",
"datePublic": "2024-12-20T15:43:17.469Z",
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:49:00.911Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1722",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1722/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12834",
"datePublished": "2024-12-30T16:49:00.911Z",
"dateReserved": "2024-12-19T22:21:10.441Z",
"dateUpdated": "2024-12-31T21:30:07.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11508 (GCVE-0-2024-11508)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:50 – Updated: 2024-11-22 21:25
VLAI
EPSS
VEX
Title
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability
Summary
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22184.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
Date Public
2024-11-21 20:53
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:irfanview:irfanview:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "irfanview",
"vendor": "irfanview",
"versions": [
{
"lessThan": "4.70",
"status": "affected",
"version": "4.62",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T21:16:53.400462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:25:43.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IrfanView",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "4.62 32bit"
}
]
}
],
"dateAssigned": "2024-11-20T21:52:00.486Z",
"datePublic": "2024-11-21T20:53:00.849Z",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22184."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:50:50.307Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1603",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1603/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11508",
"datePublished": "2024-11-22T20:50:50.307Z",
"dateReserved": "2024-11-20T21:52:00.423Z",
"dateUpdated": "2024-11-22T21:25:43.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11507 (GCVE-0-2024-11507)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:50 – Updated: 2024-11-22 21:21
VLAI
EPSS
VEX
Title
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability
Summary
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22177.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
Date Public
2024-11-21 20:53
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:irfanview:irfanview:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "irfanview",
"vendor": "irfanview",
"versions": [
{
"lessThan": "4.70",
"status": "affected",
"version": "4.62",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T21:11:07.876594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:21:16.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "IrfanView",
"vendor": "IrfanView",
"versions": [
{
"status": "affected",
"version": "4.62 32bit"
}
]
}
],
"dateAssigned": "2024-11-20T21:51:55.282Z",
"datePublic": "2024-11-21T20:53:08.269Z",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22177."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:50:54.287Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1604",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1604/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11507",
"datePublished": "2024-11-22T20:50:54.287Z",
"dateReserved": "2024-11-20T21:51:55.231Z",
"dateUpdated": "2024-11-22T21:21:16.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11346 (GCVE-0-2024-11346)
Vulnerability from cvelistv5 – Published: 2025-02-13 18:54 – Updated: 2025-02-13 19:17
VLAI
EPSS
VEX
Title
Access of Resource Using Incompatible Type in Postscript interpreter
Summary
: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark International | CX, XC, CS, MS, MX, XM, et. al. |
Affected:
0 , ≤ CXTLS.240.076
(custom)
Affected: CXTLS.240.200 , < * (custom) Affected: 0 , ≤ MXTLS.240.076 (custom) Affected: MXTLS.240.200 , < * (custom) Affected: 0 , ≤ CSTLS.240.076 (custom) Affected: CSTLS.240.200 , < * (custom) Affected: 0 , ≤ MSNSN.240.042 (custom) Affected: MSNSN.240.200 , < * (custom) Affected: 0 , ≤ MSTSN.240.042 (custom) Affected: MSTSN.240.200 , < * (custom) Affected: 0 , ≤ MXTSN.240.042 (custom) Affected: MXTSN.240.200 , < * (custom) Affected: 0 , ≤ CSNGV.240.042 (custom) Affected: CSNGV.240.200 , < * (custom) Affected: 0 , ≤ CSTGV.240.042 (custom) Affected: CSTGV.240.200 , < * (custom) Affected: 0 , ≤ CXTGV.240.042 (custom) Affected: CXTGV.240.200 , < * (custom) Affected: 0 , ≤ CXTPC.240.042 (custom) Affected: CXTPC.240.200 , < * (custom) Affected: 0 , ≤ CSTPC.240.042 (custom) Affected: CSTPC.240.200 , < * (custom) Affected: 0 , ≤ MXTCT.240.042 (custom) Affected: MXTCT.240.200 , < * (custom) Affected: 0 , ≤ MXTPM.240.042 (custom) Affected: MXTPM.240.200 , < * (custom) Affected: 0 , ≤ CXTMM.240.042 (custom) Affected: CXTMM.240.200 , < * (custom) Affected: 0 , ≤ CSTMM.240.042 (custom) Affected: CSTMM.240.200 , < * (custom) Affected: 0 , ≤ CSTZJ.240.042 (custom) Affected: CSTZJ.240.200 , < * (custom) Affected: 0 , ≤ CSNZJ.240.042 (custom) Affected: CSNZJ.240.200 , < * (custom) Affected: 0 , ≤ CXTZJ.240.042 (custom) Affected: CXTZJ.240.200 , < * (custom) Affected: 0 , ≤ CXNZJ.240.042 (custom) Affected: CXNZJ.240.200 , < * (custom) Affected: 0 , ≤ MSNGM.240.042 (custom) Affected: MSNGM.240.200 , < * (custom) Affected: 0 , ≤ MSLSG.230.401 (custom) Affected: 0 , ≤ MXLSG.230.401 (custom) Affected: 0 , ≤ MSLBD.230.401 (custom) Affected: 0 , ≤ MXLBD.230.401 (custom) Affected: 0 , ≤ CSLBN.230.401 (custom) Affected: 0 , ≤ CSLBL.230.401 (custom) Affected: 0 , ≤ CXLBN.230.401 (custom) Affected: 0 , ≤ CXLBL.230.401 (custom) Affected: 0 , ≤ CXTPP.230.401 (custom) Affected: 0 , ≤ CSTPP.230.401 (custom) Affected: 0 , ≤ CSTAT.230.401 (custom) Affected: 0 , ≤ CXTAT.230.401 (custom) Affected: 0 , ≤ CSTMH.230.401 (custom) Affected: 0 , ≤ CXTMH.230.401 (custom) Affected: 0 , ≤ LW90.TL2.P215 (custom) Affected: 0 , ≤ LW90.PR2.P215 (custom) Affected: 0 , ≤ LW90.PR4.P215 (custom) Affected: 0 , ≤ LW90.SB4.P215 (custom) Affected: 0 , ≤ LW90.SB7.P215 (custom) Affected: 0 , ≤ LW90.DN2.P215 (custom) Affected: 0 , ≤ LW90.DN4.P215 (custom) Affected: 0 , ≤ LW90.DN7.P215 (custom) Affected: 0 , ≤ LW90.TU.P215 (custom) Affected: 0 , ≤ LW90.SA.P215 (custom) Affected: 0 , ≤ LW90.MG.P215 (custom) Affected: 0 , ≤ LW90.GM7.P215 (custom) Affected: 0 , ≤ LW90.GM4.P215 (custom) Affected: 0 , ≤ LW90.VY4.P215 (custom) Affected: 0 , ≤ LW80.PRL.P257 (custom) Affected: 0 , ≤ LW80.SB2.P257 (custom) Affected: 0 , ≤ LW80.VYL.P257 (custom) Affected: 0 , ≤ LW80.VY2.P257 (custom) Affected: 0 , ≤ LW80.GM2.P257 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T19:16:38.233943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T19:17:04.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Postscript interpreter"
],
"product": "CX, XC, CS, MS, MX, XM, et. al.",
"vendor": "Lexmark International",
"versions": [
{
"changes": [
{
"at": "CXTLS.240.077 - CXTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTLS.240.077 - MXTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTLS.240.077 - CSTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNSN.240.043 - MSNSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTSN.240.043 - MSTSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSTSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTSN.240.043 - MXTSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNGV.240.043 - CSNGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSNGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTGV.240.043 - CSTGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTGV.240.043 - CXTGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPC.240.043 - CXTPC.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPC.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPC.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTPC.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPC.240.043 - CSTPC.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPC.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPC.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTPC.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTCT.240.043 - MXTCT.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTCT.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTCT.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTCT.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTPM.240.043-MXTPM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTPM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTPM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTPM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMM.240.043-CXTMM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTMM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMM.240.043 - CSTMM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTMM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTZJ.240.043 - CSTZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNZJ.240.043 - CSNZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSNZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTZJ.240.043 - CXTZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXNZJ.240.043 - CXNZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXNZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXNZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXNZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGM.240.043 - MSNGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLSG.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLSG.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLSG.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLSG.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLBD.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLBD.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLBD.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLBD.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBN.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBN.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBL.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBL.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBN.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBN.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBL.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBL.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPP.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPP.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPP.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPP.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTAT.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTAT.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTAT.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTAT.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMH.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMH.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMH.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMH.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.TL2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.TL2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.PR2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.PR2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.PR4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.PR4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SB4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SB4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SB7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SB7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.TU.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.TU.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SA.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SA.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.MG.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.MG.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.GM7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.GM7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.GM4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.GM4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.VY4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.VY4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.PRL.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.PRL.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.SB2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.SB2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.VYL.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.VYL.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.VY2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.VY2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.GM2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.GM2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.\u003cp\u003eThis issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836.\u003c/p\u003e"
}
],
"value": ": Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836."
}
],
"impacts": [
{
"capecId": "CAPEC-240",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-240 Resource Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T18:54:41.167Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Access of Resource Using Incompatible Type in Postscript interpreter",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2024-11346",
"datePublished": "2025-02-13T18:54:41.167Z",
"dateReserved": "2024-11-18T16:10:42.142Z",
"dateUpdated": "2025-02-13T19:17:04.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11344 (GCVE-0-2024-11344)
Vulnerability from cvelistv5 – Published: 2025-02-13 18:51 – Updated: 2025-02-13 19:19
VLAI
EPSS
VEX
Title
Type confusion vulnerability in the Postscript interpreter in various Lexmark devices
Summary
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark | CX, XC, CS, MS, MX, XM, et. al. |
Affected:
0 , ≤ CXTLS.240.076
(custom)
Affected: CXTLS.240.200 , < * (custom) Affected: 0 , ≤ MXTLS.240.076 (custom) Affected: MXTLS.240.200 , < * (custom) Affected: 0 , ≤ CSTLS.240.076 (custom) Affected: CSTLS.240.200 , < * (custom) Affected: 0 , ≤ MSNSN.240.042 (custom) Affected: MSNSN.240.200 , < * (custom) Affected: 0 , ≤ MSTSN.240.042 (custom) Affected: MSTSN.240.200 , < * (custom) Affected: 0 , ≤ MXTSN.240.042 (custom) Affected: MXTSN.240.200 , < * (custom) Affected: 0 , ≤ CSNGV.240.042 (custom) Affected: CSNGV.240.200 , < * (custom) Affected: 0 , ≤ CSTGV.240.042 (custom) Affected: CSTGV.240.200 , < * (custom) Affected: 0 , ≤ CXTGV.240.042 (custom) Affected: CXTGV.240.200 , < * (custom) Affected: 0 , ≤ CXTPC.240.042 (custom) Affected: CXTPC.240.200 , < * (custom) Affected: 0 , ≤ CSTPC.240.042 (custom) Affected: CSTPC.240.200 , < * (custom) Affected: 0 , ≤ MXTCT.240.042 (custom) Affected: MXTCT.240.200 , < * (custom) Affected: 0 , ≤ MXTPM.240.042 (custom) Affected: MXTPM.240.200 , < * (custom) Affected: 0 , ≤ CXTMM.240.042 (custom) Affected: CXTMM.240.200 , < * (custom) Affected: 0 , ≤ CSTMM.240.042 (custom) Affected: CSTMM.240.200 , < * (custom) Affected: 0 , ≤ CSTZJ.240.042 (custom) Affected: CSTZJ.240.200 , < * (custom) Affected: 0 , ≤ CSNZJ.240.042 (custom) Affected: CSNZJ.240.200 , < * (custom) Affected: 0 , ≤ CXTZJ.240.042 (custom) Affected: CXTZJ.240.200 , < * (custom) Affected: 0 , ≤ CXNZJ.240.042 (custom) Affected: CXNZJ.240.200 , < * (custom) Affected: 0 , ≤ MSNGM.240.042 (custom) Affected: MSNGM.240.200 , < * (custom) Affected: 0 , ≤ MSTGM.240.042 (custom) Affected: MSTGM.240.200 , < * (custom) Affected: 0 , ≤ MXNGM.240.042 (custom) Affected: MXNGM.240.200 , < * (custom) Affected: 0 , ≤ MXTGM.240.042 (custom) Affected: MXTGM.240.200 , < * (custom) Affected: 0 , ≤ MSNGW.240.042 (custom) Affected: MSNGW.240.200 , < * (custom) Affected: 0 , ≤ MSTGW.240.042 (custom) Affected: MSTGW.240.200 , < * (custom) Affected: 0 , ≤ MXTGW.240.042 (custom) Affected: MXTGW.240.200 , < * (custom) Affected: 0 , ≤ MSLSG.230.401 (custom) Affected: 0 , ≤ MXLSG.230.401 (custom) Affected: 0 , ≤ MSLBD.230.401 (custom) Affected: 0 , ≤ MXLBD.230.401 (custom) Affected: 0 , ≤ CSLBN.230.401 (custom) Affected: 0 , ≤ CSLBL.230.401 (custom) Affected: 0 , ≤ CXLBN.230.401 (custom) Affected: 0 , ≤ CXLBL.230.401 (custom) Affected: 0 , ≤ CXTPP.230.401 (custom) Affected: 0 , ≤ CSTPP.230.401 (custom) Affected: 0 , ≤ CSTAT.230.401 (custom) Affected: 0 , ≤ CXTAT.230.401 (custom) Affected: 0 , ≤ CSTMH.230.401 (custom) Affected: 0 , ≤ CXTMH.230.401 (custom) Affected: 0 , ≤ LW90.TL2.P215 (custom) Affected: 0 , ≤ LW90.PR2.P215 (custom) Affected: 0 , ≤ LW90.PR4.P215 (custom) Affected: 0 , ≤ LW90.SB4.P215 (custom) Affected: 0 , ≤ LW90.SB7.P215 (custom) Affected: 0 , ≤ LW90.DN2.P215 (custom) Affected: 0 , ≤ LW90.DN4.P215 (custom) Affected: 0 , ≤ LW90.DN7.P215 (custom) Affected: 0 , ≤ LW90.TU.P215 (custom) Affected: 0 , ≤ LW90.SA.P215 (custom) Affected: 0 , ≤ LW90.MG.P215 (custom) Affected: 0 , ≤ LW90.GM7.P215 (custom) Affected: 0 , ≤ LW90.GM4.P215 (custom) Affected: 0 , ≤ LW90.VY4.P215 (custom) Affected: 0 , ≤ LW80.PRL.P257 (custom) Affected: 0 , ≤ LW80.SB2.P257 (custom) Affected: 0 , ≤ LW80.VYL.P257 (custom) Affected: 0 , ≤ LW80.VY2.P257 (custom) Affected: 0 , ≤ LW80.GM2.P257 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-13T19:16:46.776468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T19:19:11.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CX, XC, CS, MS, MX, XM, et. al.",
"vendor": "Lexmark",
"versions": [
{
"changes": [
{
"at": "CXTLS.240.077 - CXTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTLS.240.077 - MXTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTLS.240.077 - CSTLS.240.199",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTLS.240.076",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTLS.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTLS.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNSN.240.043 - MSNSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTSN.240.043 - MSTSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSTSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTSN.240.043 - MXTSN.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTSN.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTSN.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTSN.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNGV.240.043 - CSNGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSNGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTGV.240.043 - CSTGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTGV.240.043 - CXTGV.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTGV.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTGV.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTGV.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPC.240.043 - CXTPC.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPC.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPC.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTPC.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPC.240.043 - CSTPC.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPC.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPC.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTPC.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTCT.240.043 - MXTCT.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTCT.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTCT.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTCT.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTPM.240.043-MXTPM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTPM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTPM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTPM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMM.240.043-CXTMM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTMM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMM.240.043 - CSTMM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTMM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTZJ.240.043 - CSTZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSTZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNZJ.240.043 - CSNZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSNZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSNZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CSNZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTZJ.240.043 - CXTZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXTZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXNZJ.240.043 - CXNZJ.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXNZJ.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXNZJ.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "CXNZJ.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGM.240.043 - MSNGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGM.240.043 - MSTGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSTGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXNGM.240.043 - MXNGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXNGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXNGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXNGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGM.240.043 - MXTGM.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTGM.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGM.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTGM.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGW.240.043 - MSNGW.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSNGW.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSNGW.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSNGW.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGW.240.043 - MSTGW.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSTGW.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSTGW.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MSTGW.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGW.240.043 - MXTGW.240.069",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXTGW.240.042",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXTGW.240.201 and later",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "MXTGW.240.200",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLSG.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLSG.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLSG.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLSG.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MSLBD.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MSLBD.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "MXLBD.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "MXLBD.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBN.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBN.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSLBL.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSLBL.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBN.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBN.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXLBL.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXLBL.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTPP.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTPP.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTPP.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTPP.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTAT.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTAT.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTAT.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTAT.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CSTMH.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CSTMH.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "CXTMH.230.402 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "CXTMH.230.401",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.TL2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.TL2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.PR2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.PR2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.PR4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.PR4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SB4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SB4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SB7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SB7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN2.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN2.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.DN7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.DN7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.TU.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.TU.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.SA.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.SA.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.MG.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.MG.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.GM7.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.GM7.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.GM4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.GM4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW90.VY4.P216 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW90.VY4.P215",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.PRL.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.PRL.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.SB2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.SB2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.VYL.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.VYL.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.VY2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.VY2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"changes": [
{
"at": "LW80.GM2.P258 and later",
"status": "unaffected"
}
],
"lessThanOrEqual": "LW80.GM2.P257",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-13T18:53:16.828Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Type confusion vulnerability in the Postscript interpreter in various Lexmark devices",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lexmark recommends a firmware update if your device has affected firmware."
}
],
"value": "Lexmark recommends a firmware update if your device has affected firmware."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2024-11344",
"datePublished": "2025-02-13T18:51:23.777Z",
"dateReserved": "2024-11-18T16:10:34.720Z",
"dateUpdated": "2025-02-13T19:19:11.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7825 (GCVE-0-2024-7825)
Vulnerability from cvelistv5 – Published: 2024-10-03 17:05 – Updated: 2024-10-03 17:46
VLAI
EPSS
VEX
Title
Type confusion that can cause the WRSA.exe service to crash and generate a crash dump
Summary
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Webroot | SecureAnywhere - Web Shield |
Affected:
0 , < 2.1.2.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T17:44:15.462554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T17:46:06.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"wrUrl.dll"
],
"platforms": [
"Windows",
"ARM",
"64 bit",
"32 bit"
],
"product": "SecureAnywhere - Web Shield",
"vendor": "Webroot",
"versions": [
{
"lessThan": "2.1.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence (exodusintel.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.\u003cp\u003eThis issue affects SecureAnywhere - Web Shield: before 2.1.2.3.\u003c/p\u003e"
}
],
"value": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T17:05:36.282Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://answers.webroot.com/Webroot/ukp.aspx?pid=12\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=4275"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Type confusion that can cause the WRSA.exe service to crash and generate a crash dump",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-7825",
"datePublished": "2024-10-03T17:05:36.282Z",
"dateReserved": "2024-08-14T21:48:56.011Z",
"dateUpdated": "2024-10-03T17:46:06.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7824 (GCVE-0-2024-7824)
Vulnerability from cvelistv5 – Published: 2024-10-03 17:05 – Updated: 2024-10-03 17:45
VLAI
EPSS
VEX
Title
Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump
Summary
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Webroot | SecureAnywhere - Web Shield |
Affected:
0 , < 2.1.2.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T17:44:14.439557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T17:45:56.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"wrUrl.dll"
],
"platforms": [
"Windows",
"ARM",
"64 bit",
"32 bit"
],
"product": "SecureAnywhere - Web Shield",
"vendor": "Webroot",
"versions": [
{
"lessThan": "2.1.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Exodus Intelligence (exodusintel.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.\u003cp\u003eThis issue affects SecureAnywhere - Web Shield: before 2.1.2.3.\u003c/p\u003e"
}
],
"value": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T17:05:37.645Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://answers.webroot.com/Webroot/ukp.aspx?pid=12\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=4275"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-7824",
"datePublished": "2024-10-03T17:05:37.645Z",
"dateReserved": "2024-08-14T21:48:55.105Z",
"dateUpdated": "2024-10-03T17:45:56.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6119 (GCVE-0-2024-6119)
Vulnerability from cvelistv5 – Published: 2024-09-03 15:58 – Updated: 2026-07-14 12:37
VLAI
EPSS
VEX
Title
Possible denial of service in X.509 name checks
Summary
Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.
Impact summary: Abnormal termination of an application can a cause a denial of
service.
Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.
Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.
TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a reference identifier (expected
identity), but rather extract the presented identity after checking the
certificate chain. So TLS servers are generally not affected and the severity
of the issue is Moderate.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
11 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.3.0 , < 3.3.2
(semver)
Affected: 3.2.0 , < 3.2.3 (semver) Affected: 3.1.0 , < 3.1.7 (semver) Affected: 3.0.0 , < 3.0.15 (semver) |
|
| openssl | openssl |
Affected:
3.3.0 , < 3.3.2
(custom)
Affected: 3.2.0 , < 3.2.3 (custom) Affected: 3.1.0 , < 3.1.7 (custom) Affected: 3.0.0 , < 3.0.15 (custom) cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
Date Public
2024-09-03 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-12T16:03:01.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/03/4"
},
{
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240912-0001/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openssl",
"vendor": "openssl",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.2.3",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.1.7",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
},
{
"lessThan": "3.0.15",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:20:39.935362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:25:47.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:37:27.827Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.3",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.1.7",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.0.15",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Benjamin (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
}
],
"datePublic": "2024-09-03T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Applications performing certificate name checks (e.g., TLS\u003cbr\u003eclients checking server certificates) may attempt to read an invalid memory\u003cbr\u003eaddress resulting in abnormal termination of the application process.\u003cbr\u003e\u003cbr\u003eImpact summary: Abnormal termination of an application can a cause a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eApplications performing certificate name checks (e.g., TLS clients checking\u003cbr\u003eserver certificates) may attempt to read an invalid memory address when\u003cbr\u003ecomparing the expected name with an `otherName` subject alternative name of an\u003cbr\u003eX.509 certificate. This may result in an exception that terminates the\u003cbr\u003eapplication program.\u003cbr\u003e\u003cbr\u003eNote that basic certificate chain validation (signatures, dates, ...) is not\u003cbr\u003eaffected, the denial of service can occur only when the application also\u003cbr\u003especifies an expected DNS name, Email address or IP address.\u003cbr\u003e\u003cbr\u003eTLS servers rarely solicit client certificates, and even when they do, they\u003cbr\u003egenerally don\u0027t perform a name check against a reference identifier (expected\u003cbr\u003eidentity), but rather extract the presented identity after checking the\u003cbr\u003ecertificate chain. So TLS servers are generally not affected and the severity\u003cbr\u003eof the issue is Moderate.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
}
],
"value": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don\u0027t perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:58:06.970Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20240903.txt"
},
{
"name": "3.3.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0"
},
{
"name": "3.2.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f"
},
{
"name": "3.1.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2"
},
{
"name": "3.0.15 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible denial of service in X.509 name checks",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2024-6119",
"datePublished": "2024-09-03T15:58:06.970Z",
"dateReserved": "2024-06-18T09:24:11.739Z",
"dateUpdated": "2026-07-14T12:37:27.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-5597 (GCVE-0-2024-5597)
Vulnerability from cvelistv5 – Published: 2024-06-10 16:53 – Updated: 2024-08-01 21:18
VLAI
EPSS
VEX
Title
Fuji Electric Monitouch V-SFT Type Confusion
Summary
Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Type Confusion
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Electric | Monitouch V-SFT |
Affected:
0 , < 6.2.3.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T20:11:14.382101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T20:12:13.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Monitouch V-SFT",
"vendor": "Fuji Electric",
"versions": [
{
"lessThan": "6.2.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "kimiya working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fuji Electric Monitouch V-SFT\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eis vulnerable to a type confusion, which could cause a crash or code execution.\u003c/span\u003e\n\n"
}
],
"value": "Fuji Electric Monitouch V-SFT\u00a0is vulnerable to a type confusion, which could cause a crash or code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Type Confusion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:53:50.147Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fuji Electric recommends users update the product to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd\"\u003eMonitouch V-SFT v6.2.3.0\u003c/a\u003e.\n\n\u003cbr\u003e"
}
],
"value": "Fuji Electric recommends users update the product to Monitouch V-SFT v6.2.3.0 https://felib.fujielectric.co.jp/en/M10009/M20104/document_detail/55ff739b-bd06-4241-b078-3b9c9728bdfd ."
}
],
"source": {
"advisory": "ICSA-24-151-02",
"discovery": "EXTERNAL"
},
"title": "Fuji Electric Monitouch V-SFT Type Confusion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-5597",
"datePublished": "2024-06-10T16:53:50.147Z",
"dateReserved": "2024-06-03T13:32:22.404Z",
"dateUpdated": "2024-08-01T21:18:06.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.