CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CVE-2014-0757 (GCVE-0-2014-0757)
Vulnerability from cvelistv5
Published
2014-01-31 02:00
Modified
2025-08-22 22:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Smart Software Solutions (3S) | CoDeSys Runtime Toolkit |
Version: 0 < V2.4.7.44 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01"
},
{
"name": "56713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CoDeSys Runtime Toolkit",
"vendor": "Smart Software Solutions (3S)",
"versions": [
{
"lessThan": "V2.4.7.44",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Miles"
}
],
"datePublic": "2014-01-30T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSmart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T22:56:09.487Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-030-01"
},
{
"name": "56713",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56713"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e3S has produced an update that is available for download from the 3S CODESYS Download page:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.codesys.com/support-training/self-help/downloads-updates.html\"\u003ehttp://www.codesys.com/support-training/self-help/downloads-updates.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePlease contact CODESYS Support for any additional questions concerning the update.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "3S has produced an update that is available for download from the 3S CODESYS Download page:\u00a0 http://www.codesys.com/support-training/self-help/downloads-updates.html \n\n\nPlease contact CODESYS Support for any additional questions concerning the update."
}
],
"source": {
"advisory": "ICSA-14-030-01",
"discovery": "EXTERNAL"
},
"title": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01"
},
{
"name": "56713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0757",
"datePublished": "2014-01-31T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-08-22T22:56:09.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40732 (GCVE-0-2021-40732)
Vulnerability from cvelistv5
Published
2021-10-13 16:02
Modified
2025-11-03 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | XMP Toolkit |
Version: unspecified < Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:26:21.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html"
},
{
"name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XMP Toolkit",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2020.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T00:06:15.322Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html"
},
{
"name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XMP Toolkit SDK Null Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-40732",
"datePublished": "2021-10-13T16:02:17.678Z",
"dateReserved": "2021-09-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:26:21.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42528 (GCVE-0-2021-42528)
Vulnerability from cvelistv5
Published
2022-05-02 22:24
Modified
2025-11-03 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference ()
Summary
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | XMP Toolkit |
Version: unspecified < Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:26:23.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html"
},
{
"name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XMP Toolkit",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2021.07",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T00:06:24.100Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html"
},
{
"name": "[debian-lts-announce] 20230925 [SECURITY] [DLA 3585-1] exempi security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XMP-Toolkit Null Pointer Dereference Application denial-of-service"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-42528",
"datePublished": "2022-05-02T22:24:04.931Z",
"dateReserved": "2021-10-15T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:26:23.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2121 (GCVE-0-2022-2121)
Vulnerability from cvelistv5
Published
2022-06-24 15:00
Modified
2025-11-03 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcmtk",
"vendor": "offis",
"versions": [
{
"lessThan": "3.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T20:06:15.328916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:06:53.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:43.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
},
{
"name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DCMTK",
"vendor": "OFFIS",
"versions": [
{
"lessThan": "3.6.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OFFIS DCMTK\u0027s (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T19:06:16.657Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01"
},
{
"name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"
}
],
"source": {
"advisory": "ICSMA-22-174-01",
"discovery": "UNKNOWN"
},
"title": "OFFIS DCMTK NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2121",
"datePublished": "2022-06-24T15:00:19.612Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:34:43.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-2309 (GCVE-0-2022-2309)
Vulnerability from cvelistv5
Published
2022-07-05 09:00
Modified
2025-11-04 16:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:09:31.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f"
},
{
"name": "GLSA-202208-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0006/"
},
{
"name": "FEDORA-2022-ed0eeb6a20",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/"
},
{
"name": "FEDORA-2022-ed17f59c1d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lxml/lxml",
"vendor": "lxml",
"versions": [
{
"lessThan": "4.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn\u0027t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-24T01:06:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f"
},
{
"name": "GLSA-202208-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0006/"
},
{
"name": "FEDORA-2022-ed0eeb6a20",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/"
},
{
"name": "FEDORA-2022-ed17f59c1d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/"
}
],
"source": {
"advisory": "8264e74f-edda-4c40-9956-49de635105ba",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in lxml/lxml",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2309",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in lxml/lxml"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lxml/lxml",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.9.1"
}
]
}
}
]
},
"vendor_name": "lxml"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn\u0027t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba"
},
{
"name": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f",
"refsource": "MISC",
"url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f"
},
{
"name": "GLSA-202208-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-06"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220915-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220915-0006/"
},
{
"name": "FEDORA-2022-ed0eeb6a20",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/"
},
{
"name": "FEDORA-2022-ed17f59c1d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/"
}
]
},
"source": {
"advisory": "8264e74f-edda-4c40-9956-49de635105ba",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2309",
"datePublished": "2022-07-05T09:00:12.000Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:09:31.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4121 (GCVE-0-2022-4121)
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-11-03 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:35.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dinhvh/libetpan/issues/420"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00018.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T17:59:45.603389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T18:00:13.462Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libetpan",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://github.com/dinhvh/libetpan/issues/420"
},
{
"url": "https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2022-4121",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-11-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:35.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41860 (GCVE-0-2022-41860)
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-11-03 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | freeradius |
Version: All versions from 0.9.3 to 3.0.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:27:38.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://freeradius.org/security/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:39:17.283850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:39:35.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "freeradius",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions from 0.9.3 to 3.0.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://freeradius.org/security/"
},
{
"url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-41860",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:27:38.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4981 (GCVE-0-2022-4981)
Vulnerability from cvelistv5
Published
2025-10-21 15:02
Modified
2025-10-21 15:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4981",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T15:22:37.057203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:22:40.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://shimo.im/docs/e1Azd4dDQXUgOGqW/read"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"dcmqrscp"
],
"product": "DCMTK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.6.0"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.6.4"
},
{
"status": "affected",
"version": "3.6.5"
},
{
"status": "affected",
"version": "3.6.6"
},
{
"status": "affected",
"version": "3.6.7"
},
{
"status": "unaffected",
"version": "3.6.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zh_vul (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in DCMTK up to 3.6.7 entdeckt. Betroffen ist die Funktion DcmQueryRetrieveConfig::readPeerList der Datei /dcmqrcnf.cc der Komponente dcmqrscp. Dank Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Das Aktualisieren auf Version 3.6.8 kann dieses Problem l\u00f6sen. Die Bezeichnung des Patches lautet 957fb31e5. Die Aktualisierung der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:02:13.727Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329029 | DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329029"
},
{
"name": "VDB-329029 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329029"
},
{
"name": "Submit #673134 | DCMTK GitHub Repository DCMTK 3.6.5 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.673134"
},
{
"tags": [
"issue-tracking"
],
"url": "https://support.dcmtk.org/redmine/issues/1026"
},
{
"tags": [
"exploit"
],
"url": "https://shimo.im/docs/e1Azd4dDQXUgOGqW/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-19T12:32:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-4981",
"datePublished": "2025-10-21T15:02:13.727Z",
"dateReserved": "2025-10-19T10:26:26.206Z",
"dateUpdated": "2025-10-21T15:22:40.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24940 (GCVE-0-2023-24940)
Vulnerability from cvelistv5
Published
2023-05-09 17:02
Modified
2025-07-10 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Version: 10.0.17763.0 < 10.0.17763.4377 |
||
|
|
||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T16:21:06.482639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T16:21:14.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.4377",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.1726",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems"
],
"product": "Windows 10 Version 20H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19042.2965",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.1936",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.2965",
"status": "affected",
"version": "10.0.19043.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.1702",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.2965",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.19926",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5921",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5921",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.5921",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22070",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22070",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.22070",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26519",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.26519",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24266",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.24266",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.20969",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.20969",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.4377",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.1726",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19042.2965",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.1936",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.2965",
"versionStartIncluding": "10.0.19043.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.1702",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.2965",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.19926",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.5921",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5921",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.5921",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22070",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.22070",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "6.0.6003.22070",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26519",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.26519",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24266",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.24266",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.20969",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.20969",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-05-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T16:38:47.309Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940"
}
],
"title": "Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24940",
"datePublished": "2023-05-09T17:02:52.727Z",
"dateReserved": "2023-01-31T20:37:47.257Z",
"dateUpdated": "2025-07-10T16:38:47.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28766 (GCVE-0-2023-28766)
Vulnerability from cvelistv5
Published
2023-04-11 09:03
Modified
2025-11-11 20:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.
An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD89 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.64",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.89",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.89",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.89",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.64",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UM85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP100)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "V7.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.89",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.89",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BD-2FO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Compact 7SX800 (CP050)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80 \u003c V9.64), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SA82 (CP100) (All versions \u003c V8.90), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SD82 (CP100) (All versions \u003c V8.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions \u003c V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions \u003c V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SK82 (CP100) (All versions \u003c V8.89), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SL82 (CP100) (All versions \u003c V8.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7ST85 (CP300) (All versions \u003e= V7.80 \u003c V9.64), SIPROTEC 5 7ST86 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7SX85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7UT82 (CP100) (All versions \u003c V8.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.40), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 7VU85 (CP300) (All versions \u003e= V7.80 \u003c V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions \u003c V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions \u003c V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions \u003c V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions \u003c V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions \u003c V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T20:20:07.076Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-28766",
"datePublished": "2023-04-11T09:03:05.547Z",
"dateReserved": "2023-03-23T09:09:31.711Z",
"dateUpdated": "2025-11-11T20:20:07.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-56
Phase: Implementation
Description:
- For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Phase: Requirements
Description:
- Select a programming language that is not susceptible to these issues.
Mitigation
Phase: Implementation
Description:
- Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Phase: Architecture and Design
Description:
- Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Phase: Implementation
Description:
- Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.